We are trying to get Spotify to work through our Ironport S370 which is configured for both HTTP and HTTPS proxy.
Spotify allows you to set a HTTPS proxy which we have done but we continually get a 112 error which is a Spotify error meaning no connection (Check firewalls and proxies)
We have created an Identity and decrption policy just for one user and all catagories are set to pass-through but this does not work. Does anyone have any ideas what we need to do to get this working as it is causing major issues to the education music department.
I hope you are doing well. Are you using transparent redirection on the ASA? Or just explicit proxy configuration?
Since Spotify allows you to set an HTTPS proxy (like an explicit redirection to Ironport), and then if the ASA is running WCCP process, the traffic will be redirected to Ironport (again), and maybe you are creating a loop.
The pass-through that you configured on the decryption policy is OK, because the spotify HTTPS requests are matched by the Streaming Audio, and Entertainment categories.
Would you check these details and report back? In the case it did not work, would you share some accesslogs output? Feel free to request assistance in the case you do not know how to get accesslogs.
I am not an expert, but I currently have the opposite issue. I want to block spotify!!!!! Would you share with me, how you get spotify blocked?
Spotify traffics are using using port 80 and 443 however it will then switch to port 4070 for their subnets of 22.214.171.124/24, therefore in WSA will need to have the option of "permit tunnelling of non-http requests on http ports to be enabled.
If you have the above setting to be disabled, most likely Spotify would allow the login to occur however nothing would load such as spottily radio, etc.
You can enable this setting from the CLI of WSA by using command of advanceproxyconfig -> miscellaneous -> keep pressing enter till reach section of "Would you like to permit tunneling of non-http requests on http ports?" and set it to allow, also on the section of "Would you like to block tunneling of non-SSL transactions on SSL Ports?", set it to 'N'
Then keep pressing enter till you reach initial prompt and type in 'commit' to save your changes.
Also make sure that port 4070 is not block by your Firewall.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :