Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ACNS, ICAP and Symantec

Folks,

I'm running ACNS 5.4.1 on a CE-565.

All is well except ICAP for anti-virus which I just enabled the other day.

When I go to a website with a virus, such as EICAR.org, the Symantec box detects the virus, however the user is never notified of the virus.

Instead of getting the configured virus alert message from the Symantec device, the user gets the "Page cannot be displayed" Internet explorer message.

Here is my current config:

! ACNS version 5.4.1

!

device mode content-engine

!

!

hostname ContentEngine

!

http age-multiplier text 80 binary 90

http cache-cookies

tcp server-rw-timeout 180

http max-ttl days text 6 binary 14

http min-ttl 20

!

!

clock timezone US/Eastern -4 0

!

!

ip domain-name X.X

!

!

gui-server secure port XX

!

!

interface PortChannel 1

ip address 10.252.60.10 255.255.255.0

exit

!

!

interface GigabitEthernet 1/0

channel-group 1

exit

interface GigabitEthernet 2/0

channel-group 1

exit

!

!

ip default-gateway 10.252.60.1

!

wmt license-key installed

wmt accept-license-agreement

wmt enable

wmt live-url-stripping enable

!

!

no auto-register enable

!

rtsp server real-subscriber license-key installed

rtsp server real-subscriber accept-license-agreement

rtsp server real-subscriber enable

!

!

ip name-server X.X.X.X

!

!

logging facility local3

logging host X.X.X.X priority information

logging console priority debug

!

ntp server 10.252.111.2

!

bypass static any-client 10.101.254.1

no bypass load enable

bypass gateway 10.252.60.1

!

!

!

wccp router-list 1 10.252.60.1 10.252.60.2 10.252.60.3 10.252.60.4 10.252.60.5

wccp web-cache router-list-num 1 l2-redirect

wccp rtsp router-list-num 1 l2-redirect

wccp wmt router-list-num 1 l2-redirect

wccp ftp-native router-list-num 1

wccp wmt-rtspu router-list-num 1 l2-redirect

wccp https-cache accept-all

wccp https-cache router-list-num 1 l2-redirect

wccp version 2

!

!

icap apply all

icap logging enable

icap rescan-cache ISTag-change

icap service symantec-resp

enable

vector-point respmod-precache

server icap://10.252.176.20/avscan

exit

!

websense-server service policy local activate

websense-server service eim activate

websense-server service network-agent activate

!

!

websense-server enable

!

rtsp proxy media-real license-key installed

rtsp proxy media-real accept-license-agreement

rtsp proxy media-real enable

!

rtsp server cisco-streaming-engine enable

transaction-logs export ftp-server X.X.X.X cisco **** \updates

!

!

username X.X.X.X password 1 X.X.X.X

username X.X.X.X privilege 15

!

!

tacacs key ****

tacacs timeout 20

tacacs retransmit 1

tacacs host X.X.X.X primary

tacacs host X.X.X.X

!

!

authentication login local enable secondary

authentication login tacacs enable primary

authentication configuration local enable secondary

authentication configuration tacacs enable primary

!

!

sshd enable

!

!

url-filter http websense server local

url-filter http websense enable

!

!

mediafs-division wmt-cache-space 80 real-cache-space 20

!

!

banner login message "This is a private informatino system for authorized us

ly.\nUnauthorized use may result in disciplinary, civil, and criminal penalt

\nLOG OFF IMMEDIATELY IF YOU DO NOT AGREE TO THESE CONDITIONS.\n"

banner enable

!

!

bandwidth real-server 512 default

bandwidth real-server 1024 max-bandwidth

bandwidth real-proxy outgoing 512 default

bandwidth real-proxy outgoing 1024 max-bandwidth

bandwidth real-proxy incoming 512 default

bandwidth real-proxy incoming 1024 max-bandwidth

! End of ACNS configuration

Thanks,

Ron

1 REPLY
Anonymous
N/A

Re: ACNS, ICAP and Symantec

Try doing the following and check if the Virus alert message appears.

1. Reconfigure ICAP and smartfilter, but disable dns cache.

2. Restore configuration with dns cache

3. Enable the virus and check if the alert message appears

312
Views
0
Helpful
1
Replies
CreatePlease to create content