• Advertisement

Redirect http and https traffic from ASA 5520 via squid

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 10:23 am

 

I see two redirect interfaces

 

wccp web-cache group-list wccp-servers redirect-list wccp-traffic
wccp interface Management web-cache redirect in
wccp interface inside web-cache redirect in

 

Where are your host browsing? Behind what interface?

Your hosts need to be behind the same interface as the wccp engine, that is a requirement

 

I hope it helps.

 

PK

 

Guest
 

Advertisement

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 10:31 am

All hosts are in 192.168.40.0/24 network and my proxy server is also in 40 n/w.

 

- Ribin

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 11:04 am

My scenario is like below:

 

Users (in 192.168.40.0/24 n/w) ------- Layer 3 switch(default g/w of all traffic is 192.168.30.1) ------------(192.168.30.8) ASA--------Internet

 

Management interface IP of ASA is 192.168.40.8 and inside interface IP is 192.168.30.8. Squid server is connected in Layer 3 switch with IP 192.168.40.201. All users are in 192.168.40.0/24 n/w.

 

- Ribin

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 12:12 pm

Your hosts need to be behind the same interface as your squid. The squid needs to be able to send the pages to the hosts directly, not through the ASA.

 

To begin with I would try just the

 

wccp web-cache redirect-list wccp-traffic
wccp interface Management web-cache redirect in

 

Make sure the management interface has the command "no management-only".

 

Then see if the ASA redirects and if he sees the squid "sh wccp" commands.

 

I hope it helps.

 

PK

Guest
 

Re:Redirect http and https traffic from ASA 5520 via squid

Postby Guest » Fri Nov 26, 2010 12:46 pm

Hi,

 

My show wccp command output is below:

 

ASA(config)# sh wccp

 

Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

 

    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

 

It seems nothing is happening. I did "no management-only command in my management interface.

 

- Ribin

Guest
 

PreviousNext


  • Advertisement


Similar topics


Return to Cisco Security

Who is online

Users browsing this forum: No registered users and 3 guests