Cisco 4507R WCCP with blue coat SG 8000 as proxy server integration

Dear All,
I installed the blue coat on one of the vlan with users in diffwrent vlans. The core 4507R is used with L3 vlans as gateway for the respective vlan users. Now i need to configure both core switch and blue coat as proxy server so that all the users in different vlans access internet websites without configure the blue coat proxy address but the core switch would redirect the users request to the blue coat proxy server. I tried with latest IOS upgrade to the switch eventhen i could not get the cmds related to WCCP blue coat documents suggest to use in core switch to configure the proxy server of SG8000
Could any one help me to solve this issue.
Thanks
swamy

Following link may help you
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008062cfc6.html

Similar Messages

  • There is a problem with the security certificate of the proxy server. Error code 18 and 38.

    Hi All,
    After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
    Exchange 2013 on a remote location with a CA-certificate.
    Outlook 2010 and 2013 on different locations, locally installed and on RDS.
    When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
    name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
    After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
    site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
    certificate is invalid or does not match the name of the site."
    Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
    - restarting mailserver and AD;
    - restarting switches;
    - restarting routers;
    - restarting RDS, AD and all other servers;
    - bypassed proxyserver for RDS;
    - created a new profile;
    - checked recently installed updates;
    - checked certificate on mailserver;
    - checked RDS on a different location, working fine.
    Nothing helped, what can I do next? Please advice.
    Regards.

    Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
    The first message can be suppressed by adding this to the Exchange config:
    set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
    set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
    Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
    this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
    Not completely where I want to be, any help regarding the second alert is greatly appreciated!

  • VSS on cisco 4507R+E with sup8-E

    Hi folks,
    I need to configure VSS on cisco 4507R+E switch with SUP8-E,but the problem is that as per the latest relase notes VSS is not supported on sup8-E. 
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_32143-01.html
    Can someone advise me how to proceed?

    Hi,
    The links coming from cpe1 and cpe2 can be bundled and made layer3 port channel on VSS swirtch?
    No, the link can't be in a Porchannel as cpe-1 cpe-2 are 2 different devices. If cpe-1 and 2 were for example Cisco 3750 stacked, then yes, you could put both links in a Portchannel on the 3750s and also on 4500 (VSS).
    on VSS switch : 172.16.10.6/29 (port channel)
    cpe1: 172.16.10.2/29
    cpe2: 172.16.10.3/29
    HSRP virtual IP: 172.16.10.4/29
    All above statements are correct.
    Can you eloborate how I can use dot1q encapsulation for this scenario?
    Let assume cpe-1 and cpe-2 are Cisco 3845 routers. In this case, you can simply create a sub-interface an each device connecting to the VSS with dot1.q
    for example on cpe-1
    interface gi0/0
    interface gi0/0.10
    ip address 172.16.10.2/29
    encapsulation dot1q 10
    the same thing on cpe-2 except a different IP address.
    Now you create vlan 10 with dot1q encapsulation on the 4500 and add it to what ever interfaces that are connecting to the cpes with an ip address on th svi.
    or you can keep the 4500 (vss) as layer-2 with no IP and no svi.
    it that more clear now?
    Reza

  • Cisco 4507R+E with SUP6L-E

    Hello All,
    At my core of my network I have a 4507R+E with a SUP6L-E and a 3750X, both these units are configured for HSRP.  So essentially the 3750X is not doing anything.  Many moons ago, at the time or purchase an additional SUP6L-E was twice the cost of a 3750X, so the 3750X was purchased to create a sense of high availability.
    My question is, if I happen to come across another SUP6L-E, would it be a better configuration to install a secondary supervisor card and remote the 3750X from my network?
    Of course EOS/EOL plays a factor but aside from that, would I see any simplification and enhancement to the network by the installation of a secondary supervisor?

    Hi,
    I would keep the 3750 as one of your core. The reason being is that this design gives you chassis redundancy.
    If you install a second sup in the 4500 and something happens to it, you have no redundancy.
    HTH

  • Cisco 2600 router with 4A/S module can be terminal server

    I have a cisco 2600 router with 4A/S module, can it become the terminal server? If yes, which kind of octal cable should I choose to connect to other cisco routers console ports? Thanks a lot

    The commands mean that R1's console is connected using the first RJ-45 cable and is available on port 2001, R2's console is connected using the second RJ-45 cable and is available on port 2002 and so on. Remember that the ports are numbered as 2000 plus the line number. Hence, the first port is 2001. If you have more than eight devices and have connected a second CAB-OCTAL-ASYNC cable then you need to add a similar configuration line with the port numbers starting from 2009 till 2016.
    In your configuration u configured 9 ports. So please add second cable for another 8 ports.
    To connect to the console of a device, telnet to the terminal server router's loopback address and specify the port number associated to the device. For example, to connect to console of router R1 (from our example) type telnet 192.168.12.1 2001 in the Run dialog box from your PC.
    For further information click the below url
    http://www.cisco.com/public/technotes/smbsa/en/us/internet/config_cisco_router_term_server.html#trouble

  • Issue with binary attribute types through Directory Proxy Server 6.3.1

    I'm having problems with DPS 6.3.1.1 on Solaris 10 with binary attribute types. From most LDAP servers, requesting an attribute such as userCertificate would return userCertificate;binary without any issues. However, DPS seems to consider these two separate attributes. In order to see userCertificate;binary, I have to ask for it in that exact format. This obviously is causing trouble for many clients as they shouldn't care about the binary type as it's the same attribute.
    I've tried to correct this with a virtual data transformation (dpconf add-virtual-transformation 'PKI Tree' read add-attr-value userCertificate \${userCertificate\;binary}) but the end results are the same. Any ideas on how I can correct this one?
    Thanks in advance.

    Here is some complementary information:
    system (uname -a):
    SunOS xxx 5.10 Generic_142900-13 sun4u sparc SUNW,Sun-Fire-V440
    since patch 118666-26: update java 1.5.0 update 24
    we are experiencing the follwing problem:
    xxx$ ./dpadm start /opt/ldap/instances/mail/
    The Directory Proxy Server instance '/opt/ldap/instances/mail' failed to start after the waiting period.
    The Directory Proxy Server instance start has produced the following error output:
    Exception in thread "main" java.lang.NoSuchFieldError: strm
    at java.util.zip.Inflater.initIDs(Native Method)
    at java.util.zip.Inflater.<clinit>(Inflater.java:60)
    at java.util.zip.ZipFile.getInflater(ZipFile.java:375)
    at java.util.zip.ZipFile.getInputStream(ZipFile.java:320)
    at java.util.zip.ZipFile.getInputStream(ZipFile.java:286)
    at java.util.jar.JarFile.hasClassPathAttribute(JarFile.java:469)
    at java.util.jar.JavaUtilJarAccessImpl.jarFileHasClassPathAttribute(JavaUtilJarAccessImpl.java:21)
    at sun.misc.URLClassPath$JarLoader.getClassPath(URLClassPath.java:809)
    at sun.misc.URLClassPath.getLoader(URLClassPath.java:293)
    at sun.misc.URLClassPath.getResource(URLClassPath.java:160)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:192)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:300)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
    The Directory Proxy Server instance '/opt/ldap/instances/mail' is not running.
    We have tried to install patch 118666-27 (not recommended, but already available) which includes jdk 1.5.0 update 25 -> same problem
    When returning to jdk 1.5.0 update 20 the directory proxy server starts as normal

  • Distance calculation with the help of mappoint and sql server integration services

    How to use mappoint 2011 with SSIS 2012 to calculate the distance between two zip codes? is there any process to calculate the distancein ssis?

    SSIS being an ETL tool (moving and transforming data) does not have native integration with mapPoint, nor it exposes any 'Geo' functions to operate on geometry or geoshape data.
    I imagine to achieve what you need SSIS should not be used solely, if you can read the ZIP codes then you can calculate the distance in C# (say) code which in turn can be used in SSIS Script Task if needed: http://www.wiredprairie.us/blog/index.php/archives/688
    Arthur
    MyBlog
    Twitter

  • Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working

    I have a Cisco Catalyst 4507R+E  (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
    When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
    The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
    I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
    The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?

    I have 2 Core switches, single SUP on each.
    Line cards #1 and #2 randomly stop forwarding packets, only solution is to reload the switch ( hw-module reset does not work ). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the sympton looks the same as the described one,
    although the code is newer than 3.2.2SG.
    Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue,
    otherwise we´ll try removing/re-inserting the modules, and if issue persists, most probably RMA the Core1.
    We´ve sent a show tech to Cisco support while the issue was happening.
    Current modules on the Core switches.
    Mod Ports Card Type                              Model              Serial No.
    ---+-----+--------------------------------------+------------------+-----------
    1    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1627L48B
    2    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1629L0ZY
    3     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1629L1PD
    5    12  1000BaseX (SFP)                        WS-X4612-SFP-E     JAE163007EO
    M MAC addresses                    Hw  Fw           Sw               Status
    --+--------------------------------+---+------------+----------------+---------
    1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1                               Ok      
    2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1                               Ok      
    3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E       Ok      
    5 a493.4c44.13e8 to a493.4c44.13f3 1.1                               Ok      
    Mod  Redundancy role     Operating mode      Redundancy status
    ----+-------------------+-------------------+----------------------------------
    3   Active Supervisor   SSO                 Active                           

  • ACE Probe Config for Blue Coat Proxy TCP Port 74 NETRJS-4

    We are running 4710's with A5(2.2). We use Blue Coat proxies for our internet connections, specifcally TCP port 74. So when we open up a browser connection to www.cisco.com, the HTTP GET is actually encapsulated in TCP port 74 netrjs-4. We want to load-balance these proxies with ACE and I'm trying to setup health probes, but the only ones that work are the tcp probes PROXY_BCC_PROBE and PROXY_PROBE. I'd like to have health probes that hit external websites, but I'm confused whether the "ip address" Probe sub command is all I need, and netrjs is simple encapsulation of the HTTP request (which is what it looks like on a sniffer). Does anyone have Blue Coat proxies/ACE working? If so, how are your probes configured?
    Thanks,
    probe tcp PROXY_BCC_PROBE
      port 8084
      interval 3
      passdetect interval 3
    probe http PROXY_HTTP1_PROBE
      ip address 198.133.219.25
      port 74
      interval 3
      passdetect interval 3
      request method head url /index.html
      expect status 200 299
    probe http PROXY_HTTP2_PROBE
    ip address 198.133.219.25
      port 74
      interval 3
      request method get url /
      expect status 200 299
    probe tcp PROXY_PROBE
      port 74
      interval 3
      passdetect interval 3

    Hi,
    I have seen this working for one of the customer.
    probe http HTTPGET
      description Tests that www.gmail.com returns 302 redirect
      interval 10
      request method get url http://www.gmail.com
      expect status 302 302
    If I modify your probe :
    probe http PROXY_HTTP1_PROBE
      ip address 198.133.219.25
      port 74
      interval 3
      passdetect interval 3 
    request method get url
      http://www.gmail.com
    expect status 302 302
    Give it a try and see if that helps.
    regards,
    Ajay Kumar

  • Cisco 4507R-E secondary SUP card is in disable state

    Hi All,
    I have one cisco 4507R-E switch with SUP 6-E. When I power UP switch. switch is boot with primary sup. Secondary module shown as "Disabled".
    How can i enable secondary module?

    Hi,
    Have a look at this doc on how to make the sups redundant
    You need to have the same exact IOS and license in both sups.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/RPR.html#wp1125437
    HTH

  • ASA , Cisco VPN client with RADIUS authentication

    Hi,
    I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
    All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
    Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
    Thank you.
    Kind regards,
    Alex

    Hi Alex,
    It is working as it should.
    You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
    thanks
    John

  • On my MacBook Pro when I am connected to the internet via an Ethernet cable, Facebook pictures do not load. They show up as white boxes with blue question marks.

    On my new MacBook Pro when I am connected to the internet via an Ethernet cable, Facebook pictures do not load. They show up as white boxes with blue question marks. This also happens on a website editor. But, when I am connected to the internet via Wifi, everything load properly. This is my work computer, so I have to be able to connect through the Ethernet cable to access everything. Please help me!

    I mostly use Safari. But I also tried it on Firefox, Mozilla, and Camino. Mac OS X. It's my work computer, so I've only tried it at the office. I have to be connected through the Ethernet cable to access my files and email on the server.

  • IPhone5s stuck in recovery mode after lots of times displaying blue screen of death, cannot restore it as iTunes displays error 14 on verification, same time phone crashes again with blue screen.

    hi, my iPhone5s is only 3 months old, it has been like a whole month now since it started crashing, displaying the blue screen of death, since yesterday it was in the loop of restart-crash, and now it is stuck in recovery mode after lots of times displaying blue screen.
    I cannot restore it as phone continues crashing again with blue screen, when iTunes displays error 14 on verification.
    help please, this phone is all the means of communication I have.

    It's a hardware problem. That's it. You shouldn't bother yourself with this situation. Just see an AASP.

  • Satellite L650 - frequent computer restart with blue screen

    Hi, I bought an L650 about 2months ago so it is still under warranty.
    Recently (maybe last 2 weeks) it has continued to shut down with blue screen of death. It seemed to occur more if I opened up many tabs in internet and i thought it might be adobe flash but don't think so anymore.
    It says if there is new hardware or software installed try reinstall it but I do not know which software and there is no new hardware.
    "a problem has been detected and windows has been shyt down to protect your computer
    A process or thread crucial to system operation has unexpectedly exited or terminated.
    technical information:
    *** STOP: 0x000000F4 (0X00000000000003, OxFFFFFFFFAB007A4B30, 0xFFFFFFFFFA(rest off screen from camera)
    xFFFF800035C#1EO
    Somthing like above although its quick video on my camera so some numbers may be wrong.
    Can someone help if this is a hardware malfunction or my fault somehow?
    Is this a warranty problem or what should I do?
    I never made any windows CD or anything when I bought laptop unfortunately so do not know if I can reformat harddrive?
    Thanks.
    Kadin

    Hello
    It is worst than at the beginning with STOP: 0x000000F4 error message. It is always problematic to help with such problems because your notebook configuration, preinstalled software and activity is not known to us.
    In my opinion you should back-up all your important data, install OS again using HDD recovery option and test functionality with original OS without any additional software installation.
    If the BSOD will occur again and again I recommend you to contact nearest Toshiba service and ask for help. I have two Toshiba notebooks and until now I didnt notice BSOD at all.

  • 7th generation ipod nano only displaying white screen with blue horizontal lines

    Hi,
    My 7th generation ipod nano is now only displaying a white screen with blue horizontal lines along the bottom. It still plays music and is recognised in itunes with I connect it to my PC.
    I have reset is and restored it and it is charged.
    Please advise.
    Thanks,
    Jess

    Hi jkjuarez2012,
    Thank you for visiting Apple Support Communities.
    It sounds like your iPod nano is only showing the Apple logo with a white background, and you've tried many good steps including resetting and restoring the device. I know I'd miss my music in this situation.
    Make sure that you followed the steps in this article when restoring your iPod:
    Restoring iPod to factory settings - Apple Support
    If the issue continues after restoring, your iPod nano may need to be serviced. You can use this link to find out more about iPod service:
    If the issue is still not resolved, please read this information on servicing your iPod.
    From:
    iPod nano (7th generation): Hardware troubleshooting - Apple Support
    Best Regards,
    Jeremy

Maybe you are looking for