
WCCP redirection not working properly due to router ID

jomar050485
Level 1

I have a setup that has two firewalls. Our webfilter running WCCP is on the inside of the second firewall. WCCP redirection is configured on the second firewall.

 

ISP ----> ASA5520 ----> WAN ----> ASA5515 ----> filter

 

When I enable WCCP on the ASA5520, it takes the highest IP for the router ID which is the public address of the 5520. The filter cannot communicate with that IP address because it's on the OUTSIDE of the external ASA.

 

How can I make this work? Do I have to move my filter? I can't move it to the outside interface because according to Cisco:

The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client, without going through the adaptive security appliance.

 

It seems like I cannot change the router ID of the ASA, either.

1 Reply

Giorgio Romano
Level 1

About this, Cisco said:

  1. Router ID is chosen as the highest IP address configured on the ASA. If that happens to be the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.

 
