
ASA forwarding

Anukalp S
Level 1

Hello.

I have a web filtering server in the inside network of the ASA, as well as desktops. Is it possible for any traffic reaching the ASA from a desktop to be forwarded to the web filtering server and then go to the internet via the ASA?

Please help me here.

7 Replies

Itzcoatl Espinosa
Cisco Employee

Hi Anukalp,

Reading the notes, it may seem you need to configure WCCP on the ASA for traffic redirection. Here is the document that talks about it.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_wccp.html

Please take a closer look at the guidelines and restrictions.

I hope it helps.

Don't forget to rate the answer if it helped you to solve your question.

regards,

Itzcoatl

Hi Itzcoatl..

I will go through this link and see if it can help me cover my requirement.

Hi..

This link says to redirect port 80 or the range 0-254, but if I also want to redirect port 443, can it be useful?

Hi Anukalp,

Port 443 should also be redirected. Here is a sample configuration.

I am adding an example of a configuration with HTTP and HTTPS redirected to different WCCP devices.

!-- Define the Cache Engines pertaining to WCCP Group 1:

access-list wccp-group1 extended permit ip host 10.198.28.x any

access-list wccp-group1 extended permit ip host 10.198.28.y any

!-- Define the Cache Engines pertaining to WCCP Group 2:

access-list wccp-group2 extended permit ip host 10.198.28.4 any

access-list wccp-group2 extended permit ip host 10.198.28.5 any

!-- Define HTTP traffic -service web-cache- that would be redirected:

access-list wccp-http extended permit tcp 10.198.28.0 255.255.255.0 any eq www

!-- Define HTTPS traffic -service 70- that would be redirected:

access-list wccp-https extended permit tcp 10.198.28.0 255.255.255.0 any eq https

!-- Link the services to be redirected to each group:

wccp web-cache redirect-list wccp-http group-list wccp-group1

wccp 70 redirect-list wccp-https group-list wccp-group2

!-- Enable WCCP redirection on the interface:

wccp interface inside web-cache redirect in

wccp interface inside 70 redirect in

Thanks,

Itzcoatl
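
Added example, not part of the thread or of Cisco's documentation: a Python check that cross-references the three parts of the configuration in the reply above (access-lists, `wccp` service lines, `wccp interface` lines) and lists which cache engines the redirect list also matches, which is what a deny entry in the redirect list would change. The names `ace` and `audit` are chosen for this example, and ACL matching is simplified to first match on source address only.

```python
import ipaddress

# Configuration from the reply above, comment lines dropped; x/y hosts are the poster's placeholders.
SAMPLE = """\
access-list wccp-group1 extended permit ip host 10.198.28.x any
access-list wccp-group1 extended permit ip host 10.198.28.y any
access-list wccp-group2 extended permit ip host 10.198.28.4 any
access-list wccp-group2 extended permit ip host 10.198.28.5 any
access-list wccp-http extended permit tcp 10.198.28.0 255.255.255.0 any eq www
access-list wccp-https extended permit tcp 10.198.28.0 255.255.255.0 any eq https
wccp web-cache redirect-list wccp-http group-list wccp-group1
wccp 70 redirect-list wccp-https group-list wccp-group2
wccp interface inside web-cache redirect in
wccp interface inside 70 redirect in
"""

def ace(words):
    """Return (action, source network) for an extended ACL line, else None."""
    try:
        src = words[5:7]  # access-list NAME extended ACTION PROTO <source...>
        text = {"any": "0.0.0.0/0", "host": src[-1]}.get(src[0], "/".join(src))
        return words[3], ipaddress.ip_network(text)
    except (IndexError, ValueError):
        return None  # placeholder or unsupported entry: skipped

def audit(config):
    """Return (reference errors, [(service, cache engine the redirect list permits)])."""
    acls, services, enabled, redirected = {}, {}, set(), []
    for words in map(str.split, config.splitlines()):
        if words[:1] == ["access-list"] and len(words) > 1:
            acls.setdefault(words[1], []).append(ace(words))
        elif words[:2] == ["wccp", "interface"] and len(words) > 3:
            enabled.add(words[3])
        elif words[:1] == ["wccp"] and len(words) > 1:
            opts = dict(zip(words[2::2], words[3::2]))
            services[words[1]] = (opts.get("redirect-list"), opts.get("group-list"))
    errors = [f"{s}: enabled but not defined" for s in sorted(enabled - set(services))]
    for svc, (redirect, group) in services.items():
        if svc not in enabled:
            errors.append(f"{svc}: defined but not enabled on an interface")
        errors += [f"{svc}: access-list {n} not defined"
                   for n in (redirect, group) if n and n not in acls]
        for _, engine in filter(None, acls.get(group, [])):
            # The first redirect-list entry whose source covers the engine decides.
            hit = next((a for a, net in filter(None, acls.get(redirect, []))
                        if engine.subnet_of(net)), None)
            if hit == "permit":
                redirected.append((svc, str(engine.network_address)))
    return errors, redirected
```

On the sample, `audit(SAMPLE)` reports no reference errors and shows both service 70 engines inside the redirected 10.198.28.0/24 source range.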

Hi Itzcoatl..

The access-lists wccp-http and wccp-https above are permitting; should there also be a deny statement to avoid a loop?

Also, the access-lists wccp-http and wccp-https are not related to the firewall inside interface name. It should be different. Right?

Hi,

There is no need to configure a deny, unless you want to exclude some network or hosts from being redirected to the web cache server.

The interface name can be different; nevertheless, remember that the web-server and the internal hosts should be behind the same ASA interface in order to work.

Thanks,

Itzcoatl

Thanks for your help, Itzcoatl.