Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
0
Helpful
1
Replies

Firewall with NetFlow and WCCP (Cisco WSA)

wijngaarden.m
Level 1
Level 1

‎04-23-2018 03:53 AM - edited ‎02-21-2020 07:39 AM

I need some assitance with using NetFlow in combination with WCCP.

 

We have a firewall enabled with WCCP and NetFlow exporting the flow to a NetFlow analyzer. The issue at hand is that all traffic that is redirected by the WCCP rule, shows as the IP from the Cisco WSA.

 

Is it possible to get more accurate data, in stead of the NetFlow result showing the WSA generating traffic?

Labels:
0 Helpful
1 Reply 1

Bogdan Nita
VIP Alumni
VIP Alumni

‎04-24-2018 02:45 AM

I believe one problem with this setup is that the WSA sends the responds directly to the host and not to the ASA. If the ASA does not see the entire session it can't send netflow reports on that traffic.

If the WSA can't use the cache for answering it will send out the request with its own IP and that traffic goes properly through the ASA and it is properly reported by netflow.

One possible solution would be to activate netflow on other downstream devices, unfortunately WSA doesn't support netflow as far as I know.

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116046-config-wccp-asa-00.pdf

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64580/?rfs=iqvred

 

HTH

Bogdan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card