11-23-2015 09:12 AM - edited 03-11-2019 11:56 PM
The site that I support needs to implement WCCP to redirect all 80 and 443 traffic to a BlueCoat ProxySG. We have implemented the following configuration, and it is functional on 443, but is not redirecting any 80 traffic. A capture is also included. Any help would be greatly appreciated.
ASA Config:
wccp 90 redirect-list WCCP_Users group-list WCCP_Proxy
wccp interface inside 90 redirect in
access-list WCCP_Proxy line 1 extended permit ip host 10.10.10.1 any
access-list WCCP_Users line 1 extended permit ip 10.20.0.0 255.255.255.0 any
Global WCCP information:
Router information:
Router Identifier: 10.30.1.1
Protocol Version: 2.0
Service Identifier: 90
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 22536
Redirect access-list: WCCP_Users
Total Connections Denied Redirect: 0
Total Packets Unassigned: 84
Group access-list: WCCP_Proxy
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 3069
Proxy Config:
Proxy1#sh wccp configuration
WCCP Configuration
;Version 1.3
State: Enabled
Version: 2
Service-group: 90
Password:
Priority: 220
Protocol: TCP
Ports-to-redirect: (all)
Interface: 0:0
Weight: 0 on 0:0
Assignment-type: Hash
Primary-hash: source-ip
Alternate-hash:
Forwarding-type: GRE
Returning-type: GRE
Home-routers: 10.30.1.1
Multicast-ttl: 1
Router-affinity: None
Capture:
1: 12:00:55.715203 10.20.0.20.59818>23.15.7.128.80: S 2155722468:2155755468(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
Thank you in advance for the help.
11-28-2015 08:48 AM
Hi Scott,
Check the configuration/settings on the BlueCoat for the HTTP traffic, as the ASA redirects traffic on the basis of the information exchanged between the proxy server and the ASA through the 'I See You' message. If the BlueCoat shares that it could handle redirection for HTTP, then the ASA would redirect the same.
Hope it helps.
Regards,
Akshay Rastogi
Remember to rate helpful posts.
08-26-2016 12:06 AM
The below ACL will be more precise:
access-list wccp-http extended deny ip host <wccp server ip> any
access-list wccp-http extended permit tcp object-group <LAN subnet> any eq www
access-list wccp-https extended deny ip host <wccp server ip> any
access-list wccp-https extended permit tcp object-group <LAN subnet> any eq https
access-list wccp-server extended permit ip host <wccp server ip> any
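An added example, not part of the thread and not Cisco or Blue Coat code: a small Python model of first-match ACL evaluation that shows which flows the redirect-lists posted above would select for WCCP redirection. It handles only the `any`, `host A` and `NET MASK` address forms, and it assumes the `<wccp server ip>` and `<LAN subnet>` placeholders stand for 10.10.10.1 and 10.20.0.0/24 from the first post.

```python
import ipaddress

PORTS = {"www": 80, "https": 443}

# Constructed sample: WCCP_Users is from the first post; the wccp-http lines are
# the last post's ACL with its placeholders filled in (an assumption, see above).
SAMPLE = """
access-list WCCP_Users line 1 extended permit ip 10.20.0.0 255.255.255.0 any
access-list wccp-http extended deny ip host 10.10.10.1 any
access-list wccp-http extended permit tcp 10.20.0.0 255.255.255.0 any eq www
"""

def _addr(tok):
    """Consume one address spec from the token list: any | host A | NET MASK."""
    kind = tok.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{kind}/{tok.pop(0)}")

def parse_acl(text):
    """Return {acl_name: [(action, proto, src, dst, port_or_None), ...]} in order."""
    acls = {}
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        name, tok = tok[1], tok[2:]
        if tok[0] == "line":          # optional "line N" position keyword
            tok = tok[2:]
        tok.pop(0)                    # drop the "extended" keyword
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        acls.setdefault(name, []).append((action, proto, src, dst, port))
    return acls

def redirected(acl, src, dst, dport, proto="tcp"):
    """First matching entry decides; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, port in acl:
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action == "permit"
    return False

ACLS = parse_acl(SAMPLE)
```

Calling `redirected(ACLS["WCCP_Users"], "10.20.0.20", "23.15.7.128", 80)` evaluates the SYN from the capture against the original redirect-list; the same call against `ACLS["wccp-http"]` evaluates it against the port-specific list.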