04-04-2013 10:33 AM - edited 03-11-2019 06:23 PM
Hi to everyone
First of all my apologies for my poor english, spanish is my first language
I have saw many posts regarding this but after read most of them none can solve my problem
I have the following topology, WCCP is configurated on ASA, inside interface, lan users and websense machine are located on the same VLAN
of my catalyst 3750G
I want to filter traffic on port 80 (www) to the users on the LAN side
debug on the ASA show me that comunication between that device and Websense is OK,
there is Here_I_Am and I_See_You packets
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015B
WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015B
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015C
WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015C
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015D
From show WCCP i saw that WCCP engine and ASA were detected
FW# sh wccp
Global WCCP information:
Router information:
Router Identifier: 200.X.X.X
Protocol Version: 2.0
Service Identifier: 0
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 0
Redirect access-list: wccp-users-trafico
Total Connections Denied Redirect: 14979
Total Packets Unassigned: 0
Group access-list: wccp-server-client
Total Messages Denied to Group: 0
Total Authentication failures: 10
Total Bypassed Packets Received: 0
FW-CORFO#
My configuration is the following, I have checked here and also on Websense Support website
for testing i am using just one host on the network to check websense filtering
FW-# sh run | include wccp
access-list wccp-users-trafico extended deny ip host 172.16.121.4 any
access-list wccp-users-trafico extended deny ip CLASE_A_PRIVADA 255.0.0.0 any
access-list wccp-users-trafico extended deny ip CLASE_B_PRIVADA 255.240.0.0 any
access-list wccp-users-trafico extended deny ip CLASE_C_PRIVADA 255.255.0.0 any
access-list wccp-users-trafico extended permit ip host 172.16.127.70 any
wccp 0 redirect-list wccp-users-trafico group-list wccp-server-client password *****
wccp interface LAN 0 redirect in
So the problems is that , there is no packets redirected to Websense
I have checked many times all the configuration, and it´s seems to be OK
ASA software is 8.2
Websense is 7.7
thanks in advance for any help or clue regarding this issue
Miguel
04-04-2013 11:34 AM
Hi,
This is really something that I have NOT done much but just thought I'd point this out
Total Authentication failures: 10
Is there somekind of missmatch with regards to the password configured?
- Jouni
04-04-2013 12:09 PM
my mistake, I have forgotten clear WCPP statistcs before the execution of show wccp command
authentication failures were registered before the password were configurated on Websense
so is not a problem
04-11-2013 05:01 AM
nobody knows how to solve this ??? or someone who could give some clue about this issue.....
04-11-2013 06:23 AM
Hi Miguel,
As per the configuration only traffic from 172.16.127.70 would be considered for re-direction:
access-list wccp-users-trafico extended permit ip host 172.16.127.70 any
Also on what type of traffic you want re-direction??
-Akshay
04-11-2013 07:44 AM
Hi Akshay
i am using only my IP address for testing, and i want to redirect www port
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide