cisco wsa cloud connector cloud routing

jbabiojbabio
in CCIE Security Technical

So running into an issue having the WSA cloud route destination IP addresses. I have the list of IP addresses set as a direct connection in the cloud routing policy if they are the destination IP address. The wsa will not cloud route them as direct connections. It ignores and sends them directly to the cloud. Is it because they are SSL websites? I know the client header is encrypted but the destination IP is visible.

· Share on FacebookShare on Twitter

Comments

  • cristian.mateicristian.matei

    What do you mean by "The wsa will not cloud route them as direct connections."? I don't really understand what the problem is.

    · Share on FacebookShare on Twitter
  • jbabiojbabio
    So i created a list of IP addresses I want sent as direct connection instead of being sent to the cloud like the default policy. This list of IP addresses are IP addresses of ssl sites. In the cloud routing policy I specify only IP addresses, no urls and no ports. No matter what the traffic goes to the cloud. I read in the docs that cloud connector mode has a limitation of not being able to see the encrypted header so it can't process the cloud routing policy for ssl traffic if you specify a url or port. I am only specifying IP addresses. Is the limitation of this mode that it cannot do anything with ssl traffic but send it to the cloud?

    On Tue, Jun 30, 2015 at 2:54 AM, cristian.matei <[email protected]> wrote:

    What do you mean by "The wsa will not cloud route them as direct connections."? I don't really understand what the problem is.




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx

    · Share on FacebookShare on Twitter
Sign In or Register to comment.