07-25-2008 10:56 PM - edited 03-11-2019 06:20 AM
Hi,
We have ASA 5520 in our network. Blue Coat (SG 510) is connected behind the ASA for web filtering. Blue Coat is configured as transparent device.
Blue Coat IP is 10.138.74.5.
Now the problem is that for the last one month I have been getting a high BW utilization issue. Whenever I connect the Blue Coat, the BW utilization increases very high.
We have a 4 MB internet link and sometimes it chokes the entire BW. If I remove the Blue Coat, everything normalizes and works fine.
To resolve this issue I checked with the Blue Coat vendor, and after a long experiment they told me that the problem is with the ASA configuration.
In the Blue Coat logs we are getting lots of public IPs, where they should show internal IPs only.
I have checked my ASA access-list configuration and didn't find anything wrong. In my ASA I have an access-list configured for inbound access on the Outside interface only.
I have attached my ASA configuration and Blue Coat logs.
Any kind of help would be appreciated….
Regards,
som
07-26-2008 01:19 AM
Hi Somenath,
I filtered the requests from the public IPs in the Bluecoat logs you have provided.
All these requests were of the following types:
TCP_MISS = The requested object was not in the cache.
TCP_NC_MISS = Object returned from the origin server was non-cacheable.
TCP_PARTIAL_MISS = Object is in cache, but retrieval from the origin server is in progress.
TCP_ERR_MISS = An error occurred while retrieving the object from the origin server.
TCP_TUNNELED = The CONNECT method was used to tunnel this request (generally proxied HTTPS).
It is possible that the Bluecoat device is misconfigured, which is allowing connections like an open proxy.
If you are allowing incoming connections from the internet to the Bluecoat Public IP then you need to block it.
Please share your ASA config, which will help to analyse better.
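The log filtering described in this reply can be reproduced with a short script; the following is an added example, not part of the original thread or any vendor tooling. It assumes an ELFF-style access log whose `#Fields:` header names `c-ip`, `s-action` and `sc-bytes`, treats the RFC 1918 ranges as the inside networks, and runs over constructed sample lines.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample log; the column order is an assumption and is read from "#Fields:".
SAMPLE_LOG = """\
#Software: SGOS (constructed sample)
#Fields: date time c-ip sc-status s-action sc-bytes cs-method cs-host
2008-07-25 10:01:02 10.138.74.21 200 TCP_HIT 5120 GET intranet.example.com
2008-07-25 10:01:03 203.0.113.45 200 TCP_MISS 48211 GET www.example.org
2008-07-25 10:01:04 203.0.113.45 200 TCP_TUNNELED 910233 CONNECT mail.example.net
2008-07-25 10:01:05 198.51.100.7 200 TCP_NC_MISS 20480 GET www.example.org
2008-07-25 10:01:06 192.168.5.9 503 TCP_ERR_MISS 0 GET down.example.org
"""

# Assumed inside address space; replace with the real inside subnets.
INSIDE_NETS = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_inside(addr):
    """True when addr belongs to one of the inside networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def outside_clients(log_text):
    """Map each non-inside client IP to its total sc-bytes and s-action counts."""
    fields, report = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the lines that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        # csv keeps double-quoted values (e.g. a user agent) as one column
        row = dict(zip(fields, next(csv.reader([line], delimiter=" "))))
        try:
            if is_inside(row["c-ip"]):
                continue
            sent = int(row.get("sc-bytes", "0"))
        except (KeyError, ValueError):
            continue                            # malformed line: skip it
        entry = report.setdefault(row["c-ip"], {"bytes": 0, "actions": defaultdict(int)})
        entry["bytes"] += sent
        entry["actions"][row.get("s-action", "-")] += 1
    return report

if __name__ == "__main__":
    hits = outside_clients(SAMPLE_LOG)
    for ip, e in sorted(hits.items(), key=lambda kv: -kv[1]["bytes"]):
        print(ip, e["bytes"], dict(e["actions"]))
```

Sorting by bytes shows which outside clients account for the bandwidth, and the per-action counts show whether the traffic is cache misses or tunneled CONNECT requests.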
07-26-2008 02:26 AM
Please find my ASA config.
Please help to resolve this issue.
Thanks,
som
07-26-2008 03:36 AM
Sorry, I missed your statement above, "Bluecoat device is in transparent mode", so the possibility of the Bluecoat device as an open proxy is ruled out.
Now I am still thinking of how the request from a Public IP is reaching your bluecoat device.
07-27-2008 12:41 AM
Hi, Can you try configuring the Web Access Layer rules as per below:
1 Allow only your inside IP subnets to Any Destination
2 Deny any(source) any(Destination)
07-27-2008 08:56 PM
Hi,
Sorry for the late reply!
For now I have removed that device from the network. Tonight I will do the configuration and let you know.
Regards,
som
08-05-2008 03:51 AM
Hi,
Yes, I had done that one.
I had removed the entire policy configuration and given permission any any. It was working fine. After that I configured the visual policy freshly and it is working fine.
Thanks a lot to you!!
08-05-2008 03:53 AM
Cool... Glad to know that it's working :)