Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
4
Replies

ASA WCCP Question

Brett Verney
Level 1
Level 1

‎07-08-2013 10:10 PM - edited ‎03-11-2019 07:09 PM

Hi all,

Hopefully a quick question...

When it comes to web-cache redirection, the ASA's only supported method is via GRE encapsulation.

If my proxy server is in the same subnet as the ASA's 'INSIDE' interface, will the ASA's still be able to setup a GRE tunnel between itself and the server?

For several reasons the web-cache server (Blue Coat ProxySG 900-20) has to stay within this subnet...

Regards,

Brett

Labels:
0 Helpful
4 Replies 4

Andrew Phirsov
Level 7
Level 7

‎07-08-2013 10:24 PM

ASA currently supports WCCP only on the same interface (it should be inside interface) and only in the same subnet as it's inside interface. So your setup is only one possible for ASA and everything should work fine.

0 Helpful

Brett Verney
Level 1
Level 1
In response to Andrew Phirsov

‎07-09-2013 12:13 AM

Hmm...

Is the 'same subnet' part true? My understanding was that the server and client worksations had to be 'under' the same interface.

FROM CISCO - "The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance."

If they HAD to be within the same subnet, would that remove the need for a GRE tunnel?

Brett

0 Helpful

Andrew Phirsov
Level 7
Level 7
In response to Brett Verney

‎07-09-2013 12:39 AM

Actually now i'm not 100% sure that they should be on the same subnet, but they 100% will work, when in the same subnet. As for the GRE it's the only one possible way for ASA to connect to the webcache engine. Surely when in the same subnet it's not required technically, but it's ok for GRE to work between hosts on the same subnet.

0 Helpful

Brett Verney
Level 1
Level 1

‎07-09-2013 02:28 AM

Thanks Andrew,

Cisco aren't very informative with the WCCP functionality on the ASAs. I just want to make sure my topology will work before writing up project proposals and promising the business all this functionality. Otherwise the WCCP config on both the ASAs and the Blue Coat proxy seems very straight forward...

Brett

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card