cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
362
Views
0
Helpful
2
Replies

WCCP on ASA Query/Workaround needed

tarunbansal1
Level 1
Level 1

Hi All,

 

I have a scenario as follows,

 

clients ---- ASA ---- Internet

                 |  DMZ interface

              Web Proxy

 

My clients on the inside needs to get redirected to a web proxy server which is behind the DMZ interface. Now WCCP works fine when both clients and Web Proxy are behind same DMZ interface.

 

However, for WCCP on ASA there is a limitation that both clients and redirect server should be behind same interface, i.e. through the box traffic is not allowed as such.

 

I want to know is there a work around for the same? Would configuring TCP state bypass work? Or has someone come across this kind of issue and got a work around which resolved it?

 

Thanks in advance.

 

2 Replies 2

Rishabh Seth
Level 7
Level 7

Hi,

 

TCP state bypass will not be useful as ASA will ignore TCP state tracking once it determines that it has to redirect the traffic to wccp web-cache.

 

Related Doc:

http://www.cisco.com/c/en/us/td/docs/security/asa/special/wccp/guide/asa-wccp.html

 

Regards,

 

 

Murali
Level 1
Level 1

Hi

the only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.

 

Review Cisco Networking for a $25 gift card