
Redirect http and https traffic from ASA 5520 via squid

ribin.jones
Level 1

Hi,

Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Can someone guide me the steps in getting all http and https traffic from ASA go via my squid? Any help greatly appreciated.

Thanks,

Ribin


18 Replies

deyster94
Level 5

The ASA can only redirect HTTP/HTTPS traffic to a Websense or Secure Computing SmartFilter (owned by McAfee). I had a client that used Squid for a proxy and they used a GPO or script to force the browser to use it.

I certainly believe that we can redirect traffic via Squid. I have seen some posts which do this using WCCP.

My current config is below:

access-list wccp-servers permit ip host 192.168.40.201 any
access-list wccp-traffic permit ip 192.168.40.0 255.255.255.0 any

wccp web-cache group-list wccp-servers redirect-list wccp-traffic
wccp interface Management web-cache redirect in
wccp interface inside web-cache redirect in

192.168.40.201 is my proxy server IP.

But I think there is nothing happening in the ASA:

ASA(config)# sh wccp interfaces

WCCP interface configuration:
    GigabitEthernet0/1
        Output services: 0
        Input services:  1
        Mcast services:  0
        Exclude In:      FALSE

    Management0/0
        Output services: 0
        Input services:  1
        Mcast services:  0
        Exclude In:      FALSE

ASA(config)# sh wccp

Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

Any help?

- Ribin

Fair enough. Not having implemented WCCP on the ASA, I can't be of help with this. However, a quick Google search came up with this:

http://parvinderbhasin.blogspot.com/2009/06/squid-wccp-and-cisco-asa-setup.html

HTH

Yep, I did the configuration using the same URL. Thanks for your time.

Can some one see whether there is any issue with my wccp configuration?

- Ribin

I see two redirect interfaces

wccp web-cache group-list wccp-servers redirect-list wccp-traffic
wccp interface Management web-cache redirect in
wccp interface inside web-cache redirect in

Where are your host browsing? Behind what interface?

Your hosts need to be behind the same interface as the wccp engine, that is a requirement

I hope it helps.

PK

All hosts are in the 192.168.40.0/24 network and my proxy server is also in the .40 network.

- Ribin

My scenario is like below:

Users (in 192.168.40.0/24 n/w) ------- Layer 3 switch(default g/w of all traffic is 192.168.30.1) ------------(192.168.30.8) ASA--------Internet

The Management interface IP of the ASA is 192.168.40.8 and the inside interface IP is 192.168.30.8. The Squid server is connected to the Layer 3 switch with IP 192.168.40.201. All users are in the 192.168.40.0/24 network.

- Ribin

Your hosts need to be behind the same interface as your squid. The squid needs to be able to send the pages to the hosts directly, not through the ASA.

To begin with I would try just the

wccp web-cache redirect-list wccp-traffic
wccp interface Management web-cache redirect in

Make sure the management interface has the command "no management-only".

Then see if the ASA redirects and if it sees the Squid (the "sh wccp" commands).

I hope it helps.

PK

Hi,

My show wccp command output is below:

ASA(config)# sh wccp

Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

It seems nothing is happening. I did the "no management-only" command on my management interface.

- Ribin

Accepted Solution

Hey Ribin,

Use a route-map to route port 80 (internet) traffic to the Squid proxy server. You also need to configure iptables on Squid accordingly (in the case of a transparent proxy). Use the configuration below on your Cisco ASA (i.e. on your gateway). Check whether the route-map command is available on your ASA.

access-list 111 deny tcp any any neq www            (create access list for port 80 traffic)
access-list 111 deny tcp host 192.168.100.1 any     (192.168.100.1 is the Squid proxy)
access-list 111 permit tcp any any
route-map proxy-redirect permit 100
 match ip address 111
 set ip next-hop 192.168.100.1                      (forward all port 80 traffic to Squid, 192.168.100.1)

Cheers!!
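
The Squid-side configuration that both approaches in this thread leave implicit (the GRE tunnel and REDIRECT rules that Ribin's WCCP config needs, and the "configure iptables accordingly" step in Santhosh's route-map answer), as an added example rather than anything a poster supplied. The addresses are the thread's (Squid 192.168.40.201, ASA inside 192.168.30.8); the LAN interface name, the Squid port 3128 and the assumption that the ASA's WCCP Router Identifier is its inside address (it must match whatever `show wccp` reports once a cache engine registers) are mine. Note that both ASA-side methods as written only capture TCP/80: the route-map ACL denies everything `neq www`, and the WCCP `web-cache` service (standard service 0) is port 80 only, so the HTTPS traffic from the original question is not redirected by either.

```shell
#!/bin/sh
# Squid-side plumbing for the two ASA redirection methods discussed in the
# thread. Added example, not taken from any of the posts. Addresses follow the
# thread (192.168.40.201 = Squid, 192.168.30.8 = ASA inside); interface name,
# Squid port and the router-identifier value are assumptions.
#
# DRY_RUN=1 (default) prints each command instead of executing it, so the
# result can be reviewed before running as root with DRY_RUN=0.

SQUID_IP="${SQUID_IP:-192.168.40.201}"
SQUID_PORT="${SQUID_PORT:-3128}"
LAN_IF="${LAN_IF:-eth0}"
# Must equal the "Router Identifier" line of 'show wccp' on the ASA.
ASA_ROUTER_ID="${ASA_ROUTER_ID:-192.168.30.8}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Shared piece: enable forwarding and steer port-80 flows arriving on the given
# interface into Squid's intercept port. Squid's own upstream fetches are
# locally generated, so they traverse OUTPUT, never PREROUTING, and cannot loop
# here; the ASA-side ACL still has to exclude the Squid host, otherwise its
# upstream port-80 traffic would be policy-routed straight back to it.
intercept_rule() {          # $1 = ingress interface
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -i "$1" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
}

# Method 1 (Santhosh): the ASA or L3 switch policy-routes port 80 to the Squid
# host with 'set ip next-hop'. Packets arrive unencapsulated on the LAN side.
pbr_intercept_setup() {
    intercept_rule "$LAN_IF"
}

# Method 2 (Ribin/PK): ASA WCCPv2 redirection. The ASA encapsulates redirected
# packets in GRE, so Squid needs a GRE tunnel whose remote end is the ASA's
# router identifier, reverse-path filtering relaxed on that tunnel, and the
# REDIRECT rule bound to the tunnel interface. Replies go directly to clients.
wccp_gre_setup() {
    run modprobe ip_gre
    run ip tunnel add wccp0 mode gre remote "$ASA_ROUTER_ID" local "$SQUID_IP" dev "$LAN_IF"
    run ip addr add "$SQUID_IP/32" dev wccp0
    run ip link set wccp0 up
    # The kernel applies the stricter of conf.all and per-interface rp_filter,
    # so net.ipv4.conf.all.rp_filter must not be 1 for this to take effect.
    run sysctl -w net.ipv4.conf.wccp0.rp_filter=0
    intercept_rule wccp0
}

# squid.conf lines for either method; the wccp2_* lines matter only for
# method 2. 'intercept' is the Squid 3.1+ keyword (older releases: 'transparent').
squid_conf_fragment() {
    cat <<EOF
http_port $SQUID_PORT intercept
wccp2_router $ASA_ROUTER_ID
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
EOF
}

case "${1:-}" in
    pbr)  pbr_intercept_setup ;;
    wccp) wccp_gre_setup ;;
    conf) squid_conf_fragment ;;
    *)    echo "usage: $0 pbr|wccp|conf" >&2 ;;
esac
```

Review the dry-run output, then run `DRY_RUN=0 ./squid-redirect.sh pbr` or `... wccp` as root on the Squid host and append the `conf` output to squid.conf. With WCCP the Squid host answers clients directly rather than back through the GRE tunnel, which is the reason PK insists that the Squid box sits behind the same ASA interface as the browsing hosts.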

Hi Santhosh,

Yes, the route-map command is available on my ASA. Can I do a similar configuration on my Layer 3 switch instead of the ASA? My L3 switch runs the IP Services IOS and supports route-map commands.

- Ribin

Hi Ribin

Yes, you can use a route-map on your switch (but the switch needs to be the gateway for your network). I am using a route-map on my Cisco 3750 series switch with Squid, which is acting as the gateway for my network. Let me know if you have any issues.

Cheers!!!

I will give it a try today and let you know.

- Ribin

Hey Santhosh,

Just a final review before I try this. My scenario is like below:

Users (in 192.168.40.0/24 n/w) ------- Layer 3 switch with VLANs 40 and 30 (default g/w of all traffic is 192.168.30.1, which is the ASA's inside IP) ------------ (192.168.30.8) ASA -------- Internet.

Users and the proxy server (192.168.40.201) are in the same VLAN 40. Where do I need to apply the policy map? I hope it is on VLAN 40 on my Layer 3 switch, right?

- Ribin
