Cisco Support Community

The CSC-SSM with the URL filter option enabled on a PIX/ASA firewall blocks most Internet traffic

Core issue

This issue is due to the presence of Cisco bug ID CSCsh50078.

The Content Security and Control Security Services Module (CSC-SSM) with the URL filter option enabled can cause Hypertext Transfer Protocol (HTTP) traffic to immediately fail with the "page cannot be found" error message on the host.

Some sites, such as www.cnn.com, load most of the page but show an X in place of each image. Additional links from this page return the "page cannot be displayed" error message.

When the CSC module has the URL filter option enabled and a third-party intermediate device chunk-encodes the URL filter request, the URL filter service fails.

This packet sequence appears in the trace on the ASA:

  • The web client sends a GET request to the CSC.

  • The CSC sends a URL rating request to cscssme60.url.trendmicro.com.

  • The Trend Rating Server returns the rating with a 404 status code.

  • The CSC closes the client request with a finish (FIN) without any content.
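The sequence above can be checked for mechanically. The following Python sketch is an added example, not Cisco code: it scans a constructed, simplified trace summary (the line format, the `csc` label, and the client addresses are assumptions, not real ASA capture output) and reports client requests that were closed with a FIN and no content after the rating server answered 404.

```python
import re

RATING_HOST = "cscssme60.url.trendmicro.com"  # rating server named in the article
CSC = "csc"  # hypothetical label for the CSC-SSM in the constructed trace

# Constructed, simplified trace summary (not real ASA capture output).
SAMPLE_TRACE = """\
10.1.1.20 > csc GET /index.html
csc > cscssme60.url.trendmicro.com RATING-REQ
cscssme60.url.trendmicro.com > csc HTTP 404
csc > 10.1.1.20 FIN len=0
10.1.1.21 > csc GET /news
csc > cscssme60.url.trendmicro.com RATING-REQ
cscssme60.url.trendmicro.com > csc HTTP 200
csc > 10.1.1.21 DATA len=5120
csc > 10.1.1.21 FIN len=0
"""

LINE = re.compile(r"^(\S+) > (\S+) (\S+)(?: (\S+))?$")

def find_failed_requests(trace):
    """Return (client, url) pairs that match the article's failure sequence."""
    pending = []   # clients awaiting a rating, oldest first (FIFO pairing is an assumption)
    state = {}     # client -> {"url", "rating", "bytes"}
    failures = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, dst, kind, arg = m.groups()
        if dst == CSC and kind == "GET":
            state[src] = {"url": arg, "rating": None, "bytes": 0}
            pending.append(src)
        elif src == RATING_HOST and kind == "HTTP" and pending:
            client = pending.pop(0)
            if client in state:
                state[client]["rating"] = int(arg)
        elif src == CSC and dst in state:
            size = int(arg.split("=")[1]) if arg else 0
            if kind == "DATA":
                state[dst]["bytes"] += size
            elif kind == "FIN":
                req = state.pop(dst)
                # Symptom: rating lookup returned 404 and the client got no content.
                if req["rating"] == 404 and req["bytes"] == 0:
                    failures.append((dst, req["url"]))
    return failures
```
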

Resolution

Disable the URL filter option as a workaround to this issue.

In order to completely resolve this issue, upgrade the CSC to version 6.1(1569.2) or later. This version contains the official fix for the URL filter issue and many other Simple Mail Transfer Protocol (SMTP) and HTTP issues.

Download the suggested version from Cisco Downloads.

Version history: Revision 1 of 1. Last update: 06-22-2009 05:09 PM