Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Scansafe cloud is down

Hi All

I am having an issue with the Scansafe proxies and these showing as unreachable but most of the time reachable, I don't change anything.

9.1(2)

Primary: Proxy411.scansafe.net (80.254.147.163) (UNREACHABLE) for last 3 hours 24 mins, tried to connect 193817 times

Backup: Proxy137.scansafe.net (80.254.152.99) (UNREACHABLE) for last 3 hours 21 mins, tried to connect 224595 times

ASA# debug scansafe 255

debug scansafe enabled at level 255

ASA#

Checking the scansafe L7 whitelist and redirect rules

Could not get the user details!

Could not get the username from the flow!

Redirecting packets

Scansafe cloud is down; switching to allow as default action!

Any help much appreciate..

Regards Craig

1 REPLY
New Member

Hi Craig,

Hi Craig,

Did you manage to resolve this? I am having the same issue (and debug output) although using the latest software 9.6.(2)3 on ASA 5585x in a failover pair in multi-context mode. 

When I remove and reapply the scansafe config from "system" space, scansafe starts working for about 10 to 15 minutes; scansafe servers are reachable. Than "show scansafe servers" indicates both primary and backup servers are unreachable. Debug logs says scansafe cloud is down. Telnet to scansafe servers from inside the firewall on port 8080 works. Firewall config remains exactly the same in the working and not working scenarios. 

Scansafe does work on the same firewall on the old code release before upgrade 9.2(4)8. We are upgrading code to install Firepower modules in these firewalls.

Regards, 

Rick.

153
Views
0
Helpful
1
Replies