Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2322
Views
0
Helpful
7
Replies

Transparent redirection ASA & WSA

Tuba
Cisco Employee
Cisco Employee

‎09-29-2019 07:51 AM

Should I enable the proxy manually in the client machine when I configured Transparent redirection in ASA?

I know In Transparent Mode, the client is unaware of the presence of the web proxy. but my ASA is not redirecting traffic to WSA unless I configure the proxy in a machine.

 

Appreciate your help.

 

 

 

Labels:
0 Helpful
7 Replies 7

Marius Gunnerud
VIP
VIP

‎09-29-2019 07:56 AM

You should not have to enable the proxy on the machine.  Have you double checked your configuration on the ASA, that the ACL IPs are correct and being matched on?

Check out this link for configuration tips:

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117810-configure-wsa-00.html

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Oleg Volkov
Spotlight
Spotlight

‎09-29-2019 10:33 AM

Hi.

We need configure WCCP group on WSA and ASA, also we need configure routes on WSA.

And also You need create ACL for permit traffic to WSA throught WCCP

If You need, I can assist You.

PS.

ASA and WSA must be in single L2 segment - inside.

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

Tuba
Cisco Employee
Cisco Employee
In response to Oleg Volkov

‎09-30-2019 06:00 AM

WSA

access-list ACL-IRONPORT-WSA extended permit ip host 10.0.254.14 any
access-list ACL-IRONPORT-WSA extended permit ip host 10.0.254.13 any

 

Network

 

access-list ACL-WEB extended permit tcp 10.0.254.8 255.255.255.248 any eq www
access-list ACL-WEB-TRAFFIC extended permit tcp 10.0.254.8 255.255.255.248 any eq 443

 

wccp web-cache redirect-list ACL-WEB-TRAFFIC group-list ACL-IRONPORT-WSA
wccp 90 redirect-list ACL-WEB-TRAFFIC group-list ACL-IRONPORT-WSA
wccp interface FW_EXT_Core web-cache redirect in
wccp interface FW_EXT_Core 90 redirect in

0 Helpful

Oleg Volkov
Spotlight
Spotlight
In response to Tuba

‎09-30-2019 09:31 AM

Can You show settings on WSA (WCCP)?

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

Tuba
Cisco Employee
Cisco Employee
In response to Oleg Volkov

‎09-30-2019 10:36 AM

name WCCP

Dynamic 90

ports 80,443

hash only

GRE only 

GRE only 

 

Also, I removed web cache configurations and attached the image of WSA.

Preview file
52 KB
0 Helpful

Oleg Volkov
Spotlight
Spotlight
In response to Tuba

‎10-01-2019 02:50 AM

Please provide me

sh wccp 90  and

sh wccp 90 detail from asa.

And do packet tracer like:

packet-tracer input inside tcp <inside host IP> 4567 77.88.8.8 80

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎09-29-2019 11:19 AM

As suggested other post, you need to setup WCCP and redirection,

 

If you WSA behind ASA both the interface you need to have correct FW rules and configured correctly.

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card