Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
2
Replies

WCCP on ASA Query/Workaround needed

tarunbansal1
Level 1
Level 1

‎12-12-2014 03:15 AM - edited ‎03-11-2019 10:13 PM

Hi All,

 

I have a scenario as follows,

 

clients ---- ASA ---- Internet

                 |  DMZ interface

              Web Proxy

 

My clients on the inside needs to get redirected to a web proxy server which is behind the DMZ interface. Now WCCP works fine when both clients and Web Proxy are behind same DMZ interface.

 

However, for WCCP on ASA there is a limitation that both clients and redirect server should be behind same interface, i.e. through the box traffic is not allowed as such.

 

I want to know is there a work around for the same? Would configuring TCP state bypass work? Or has someone come across this kind of issue and got a work around which resolved it?

 

Thanks in advance.

 

Labels:
0 Helpful
2 Replies 2

Rishabh Seth
Level 7
Level 7

‎12-12-2014 04:44 AM

Hi,

 

TCP state bypass will not be useful as ASA will ignore TCP state tracking once it determines that it has to redirect the traffic to wccp web-cache.

 

Related Doc:

http://www.cisco.com/c/en/us/td/docs/security/asa/special/wccp/guide/asa-wccp.html

 

Regards,

 

 

0 Helpful

Murali
Level 1
Level 1

‎12-12-2014 05:34 AM

Hi

the only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card