03-08-2010 08:17 AM
Currently all our internal addresses translate to a single external ip addr. We want to break this up for certain segments to have different public addresses. When I test this for myself, I cannot reach the websites. This includes, verisign, secureworks, Ironport support portal. Bank is OK. When I remove the dynamic nat off the ASA, all is fine again. Web traffic, because it comes from non spoofed proxy address, should not have changed. The access logs don't show the site is ever accessed. I don't know for certain this is Ironport related but I do have HTTPS proxy enabled. 6.3.3. Let me know if anyone has seen similar. Thanks much. jc
03-08-2010 08:20 AM
Clarification, I cannot reach websites where I have a user certificate installed for access, expect Ironport support site.
03-08-2010 08:26 AM
We use WCCP at core switch to route users to S360. HTTP and HTTPS in acl.
03-10-2010 01:21 PM
This question was answer in customer support, further troubleshooting might be needed on the network/fw side.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: