Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3069
Views
0
Helpful
4
Replies

ASA WCCP and Squid proxy

Delmiro Campelo
Level 1
Level 1

‎05-25-2013 06:33 PM - edited ‎03-11-2019 06:49 PM

Hello support community,

I'm looking for some assistance in configuring ASA and Squid proxy. I have tried bunch of diferent ways to get this working to no avail. Here is the configuration i'm using, and it doesn't see to be working. Do you have any working configs that I can try? proxy server doesn't seem to be talking to the ASA. I appreciate your help.

On the 5505 ASA (version 9.1(2)

access-list wccp_server extended permit ip host 10.10.30.200 any

access-list wccp_clients extended permit ip 10.10.10.0 255.255.255.0 any

wccp web-cache redirect-list wccp_clients group-list wccp_server

wccp interface inside web-cache redirect in

On Squid server (version 3.1.19)

http_port 3128 transparent

wccp2_router 10.10.30.200

wccp2_forwarding_method 1

wccp2_assignment_method hash

wccp2_service standard 0

Global WCCP information:

    Router information:

        Router Identifier:                  -not yet determined-

        Protocol Version:                    2.0

    Service Identifier: web-cache

        Number of Cache Engines:             0

        Number of routers:                   0

        Total Packets Redirected:            0

        Redirect access-list:                wccp_clients

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            0

        Group access-list:                   wccp_server

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Labels:
0 Helpful
4 Replies 4

julomban
Level 3
Level 3

‎05-27-2013 07:23 AM

Hello Delmiro,

Are the server and client behind the same interface?

With the ASA appliance the cahce server and clients must be on the same interface, otherwise is not going to work.

Also, you may want to enable the wccp debug on the ASA (debug wccp) and see if the server and ASA are communicating.

Regards,

Juan Lombana

Please rate helpful posts.

0 Helpful

Delmiro Campelo
Level 1
Level 1
In response to julomban

‎05-27-2013 04:32 PM

Hi Juan,

caching server (squid) is connected to the same inside interface as the clients. I was able to verify that the caching server and ASA were communicating sucessfully by using the debug commands, debug wccp packets and events. I was also able to verify that packets were being redirected to the cache engine (squid server), but I wasn't able to browse the internet pages after that point. I believe the problem lies in the squid server configuration. Do you know of any way to check the squid server logs for issues? thanks for helping

Delmiro

0 Helpful

julomban
Level 3
Level 3
In response to Delmiro Campelo

‎05-28-2013 06:27 AM

Hello Delmiro,

If you see request/reply and packets been redirected from the ASA to the squid server it means that the ASA is doing his jog, the only responsibility of the ASA is to send the packet over to the server. This one will decide what to do with the packet.

Unfortunately I am not expert/familiar with the ASA product, I am not sure how to look at the logs of the server, not even check the config. Is there some support or forum from squid? Probably you can search on the web or open a ticket with them.

Regards,

Juan Lombana

Please rate helpful posts.

0 Helpful

Delmiro Campelo
Level 1
Level 1
In response to julomban

‎05-28-2013 12:51 PM

Thanks for your help!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card