Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1902
Views
0
Helpful
0
Replies

ASA Redirecting CWS Traffic To Inside Interface

dethomas
Level 1
Level 1

‎02-19-2018 12:02 PM - edited ‎03-08-2019 05:42 PM

We are seeing a very strange issue with CWS on our ASA recently.  Users report that all HTTPS traffic is failing.  We disable the service rule sending that traffic to CWS and functionality is restored.  A set of test users on a separate service rule continue to work.  HTTP traffic on it's own rule continues to work.  At some point later the service rule is re-enabled and traffic goes to CWS as expected and works.

 

This morning I noticed something strange on the syslogs from the ASA.  During the problem time I see syslog entries saying that traffic from the outside on a given connection is being redirected to the CWS tower on the inside interface.  In one minute of the problem time I saw 13,350 of these messages.  The connection number mention in the message is a connection that was started on the inside and I can see the syslog event stating that it was redirected to the CWS tower on the outside.

 

So it seems to me that the return traffic should not be redirected at all, let alone pointed at the inside interface.

 

We recently upgraded the ASA to 9.8(2).20 but it was more than a week before we started seeing this problem.  Now that I know what to look for I can see that we get a handful of these events every day but very sporadically.  

 

Has anyone seen anything like this? 

 

Thanks.

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents