• Advertisement

Redirect http and https traffic from ASA 5520 via squid

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 7:06 am

Hi,

 

Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian for web filtering. Can someone guide me the steps in getting all http and https traffic from ASA go via my squid? Any help greatly appreciated.

 

Thanks,

 

Ribin

Guest
 

Advertisement

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 7:55 am

The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee).  I had a client that used squid for a proxy and they used a GPO or script to force a browser to use it.

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 8:06 am

I certainly believe that we can redirect traffic via squid. I have seen some posts which does this using wccp.

 

My current config is below:

 


access-list wccp-servers permit ip host 192.168.40.201 any
access-list wccp-traffic permit ip 192.168.40.0 255.255.255.0 any

 

wccp web-cache group-list wccp-servers redirect-list wccp-traffic
wccp interface Management web-cache redirect in
wccp interface inside web-cache redirect in

 

192.168.40.201 is my proxy server ip

 

But I think there is nothing happening in the ASA:

 

ASA(config)# sh wccp interfaces

 

WCCP interface configuration:
    GigabitEthernet0/1
        Output services: 0
        Input services:  1
        Mcast services:  0
        Exclude In:      FALSE

 

    Management0/0
        Output services: 0
        Input services:  1
        Mcast services:  0
        Exclude In:      FALSE

 

ASA(config)# sh wccp

 

Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

 

    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

 

Any help?

 

- Ribin

 

- Ribin

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 9:34 am

Fair enough.  Not having implemented WCCP on the ASA, I can be of help with this.  However, a quick google search came up with this:

 

http://parvinderbhasin.blogspot.com/2009/06/squid-wccp-and-cisco-asa-setup.html

 

HTH

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 9:55 am

Yep...I did the configuration using the same url. Thanks for your time.

 

Can some one see whether there is any issue with my wccp configuration?

 

- Ribin

Guest
 

Next


  • Advertisement


Similar topics


Return to Cisco Security

Who is online

Users browsing this forum: No registered users and 1 guest