12-12-2014 03:15 AM - edited 03-11-2019 10:13 PM
Hi All,
I have a scenario as follows,
clients ---- ASA ---- Internet
              |
              | DMZ interface
              |
          Web Proxy
My clients on the inside need to get redirected to a web proxy server which is behind the DMZ interface. Now WCCP works fine when both clients and Web Proxy are behind the same DMZ interface.
However, for WCCP on the ASA there is a limitation that both clients and redirect server should be behind the same interface, i.e. through-the-box traffic is not allowed as such.
I want to know whether there is a workaround for this. Would configuring TCP state bypass work? Or has someone come across this kind of issue and got a workaround which resolved it?
Thanks in advance.
12-12-2014 04:44 AM
Hi,
TCP state bypass will not be useful, as the ASA will ignore TCP state tracking once it determines that it has to redirect the traffic to the WCCP web-cache.
Related Doc:
http://www.cisco.com/c/en/us/td/docs/security/asa/special/wccp/guide/asa-wccp.html
Regards,
12-12-2014 05:34 AM
Unfortunately, the only topology that the adaptive security appliance supports is when the client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.