000029867 - Cisco ESA and RSA DLP Connection issues

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000029867
Applies ToRSA DLP all versions
Cisco IronPort ESA all versions.
Applies to system where DLP EM is configured to manage data loss prevention module on Cisco ESA devices
IssueOn the EM -> Admin -> Partners page, 
One or more ESA device(s) show status is "not responsive", and bubble is red.
The ESA device sends out alert stating that connection between the EM and the ESA is lost
If there are more then one device, and one of them is green status and other one one is red,
the ESA is in cluster config mode.
On the ESA device you get error splash page when accessing the Admin page on web UI

note: This article applies to system that has been configured and was running.
Verify the times on both devices are within 5 seconds.

Check to see if no access list or firewall for open ports

List of ports below:

Local port on Cisco ESA:  20002

Local port on DLP EM:     20000

On the admin page on the Cisco ESA, see warning message (see attachment)

If the ESA are in clusterconfig,

verify both nodes have same configuration.