cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1974
Views
0
Helpful
4
Replies

WCCP Configuration on ASA for Bluecoat SG 8100

haseeb
Level 1
Level 1

Hi,

I am facing some issue with bluecoat for caching. When i do the WCCP configuration on normal switch it works fine. Users can access the internet but when i configure WCCP on ASA the i can't see any traffic redirected. Details are as follows:

Physical topology:

Bluecoat------->Cat 6509E-------->Cat 6506E------->Cat2960--------->ASA5540

Logical topology:

Bluecoat------>ASA5540

Bluecoat IP: 10.57.56.1

Bluecoat GW: 10.57.56.7(ASA IP)

ASA5540 Configs:

access-list 101 extended permit ip any any

access-group 101 in interface WIRELESS

interface GigabitEthernet0/1.57

vlan 57

nameif WIRELESS

security-level 50

ip address 10.57.56.1 255.255.252.0 standby 10.57.56.2

AT-INET-FW# sh run | in wccp

wccp web-cache

wccp interface WIRELESS web-cache redirect in

AT-INET-FW# show wccp

Global WCCP information:

    Router information:

        Router Identifier:                   -not yet determined-

        Protocol Version:                    2.0

    Service Identifier: web-cache

        Number of Cache Engines:             0

        Number of routers:                   0

        Total Packets Redirected:            0

        Redirect access-list:                -none-

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Please let me know what could be the possible issue? Am i missing any configuration step in this?

4 Replies 4

ankurs2008
Level 1
Level 1

Hi

I have encountered a issue with Bluecoat + WCCP where Bluecoat vendor told that they have restriction and can use service-id 0 only , hence

in ASA try to specify service-id 0 instead of webcache .

I will try that but there are going to be around 70 different VLANs(sub interfaces on ASA firewalls) and they shouldn't communicate with each other. This means i have to create 70 WCCP statements for each vlan on ASA right?

Yes, you need to have 70 wccp engines behind each vlan that can directly talk to each vlan hosts that will be browsing.

I hope it helps.

PK

Hi,

I did group 0 configuration but it's not responding. The configs are as follows:

AT-INET-FW# sh run wccp

wccp 0

wccp interface WIRELESS 0 redirect in

AT-INET-FW# show wccp 0

Global WCCP information:

    Router information:

        Router Identifier:                   -not yet determined-

        Protocol Version:                    2.0

    Service Identifier: 0

        Number of Cache Engines:             0

        Number of routers:                   0

        Total Packets Redirected:            0

        Redirect access-list:                -none-

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Does it matter to connect the bluecoat with ASA directly? Or the logical connectivity i had mentioned above is fair enough?

Review Cisco Networking for a $25 gift card