Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Https traffic not routing to Ironport

Greetings - I have an Ironport issue that is really starting to bug me!  We have an S170 appliance installed, and for port 80 traffic it is working properly. However, I cannot for the life of me get port 443 traffic to hit the Ironport appliance.  I have a Cisco ASA 5520 set up with the recommended configs, which is pretty basic. However, when tailing users, I see all traffic with the exception of https... I have no idea why. I changed the WSA to "permit" http and https traffic, but no dice.  Is there something on the firewall that should be set that I am missing? 

Our firewall is ver 8.2; Under the WCCP service groups and redirection it is set up as default, and the acl manager is set to permit http and https traffic. It seems to me that it is a firewall routing issue, but I have no idea what or why!  I know this is pretty vague, but I'm thinking I must be missing something very obvious!

Thanks in advance....

1 ACCEPTED SOLUTION

Accepted Solutions

Https traffic not routing to Ironport

Under Network/Transparent Redirection, look at the ports listed in your service profile... that should include the SSL ports that you want redirected.   You have to use a Dynamic service ID.  0 only sends port 80.   (The WSA "asks" for what traffic it wants, the router config is all about limiting what can be asked for, and where it should go.)

2 REPLIES

Https traffic not routing to Ironport

Under Network/Transparent Redirection, look at the ports listed in your service profile... that should include the SSL ports that you want redirected.   You have to use a Dynamic service ID.  0 only sends port 80.   (The WSA "asks" for what traffic it wants, the router config is all about limiting what can be asked for, and where it should go.)

New Member

Https traffic not routing to Ironport

I knew it was something simple!  Now I remember going over this at the beginning with our server admin stating just that - "I bet this is where we change the port 443 stuff...."  Thank you for the reply!

224
Views
0
Helpful
2
Replies
CreatePlease to create content