cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
455
Views
0
Helpful
3
Replies

FPR1120 ASA MCCA with Squid Proxy

steffenfenger
Level 1
Level 1

Hello everyone,

i try to setup MCCA with an Squid Proxy. Unfortunately the ASA doesnt accept the Proxy as Cache Engine.

 

ASA MCCA Config:

access-list WCCP_Access remark 20230322 test WCCP
access-list WCCP_Access extended permit ip 192.168.146.0 255.255.255.0 any

- 192.168.146.0/24 is the whole Network that should be redirected

 

access-list WCCP_Group remark 20230322 test WCCP
access-list WCCP_Group extended permit ip host 192.168.140.2 any

- 192.168.140.0 is the proxy Host

 

wccp 70 redirect-list WCCP_Access group-list WCCP_Group
wccp interface 18_install 70 redirect in

 

Squid Proxy Conf:

/etc/squid/squid.conf

wccp2_router 192.168.140.254
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_rebuild_wait off
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=231 ports=443

 

Debug Output:

sh wccp 70 detail

WCCP Cache-Engine information:
Web Cache ID: 192.168.140.2
Protocol Version: 2.0
State: NOT Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Hash Allotment: 0 (0.00%)
Packets Redirected: 0
Connect Time: 00:00:10

 

sh wccp 70

Global WCCP information:
Router information:
Router Identifier: 213.187.91.117
Protocol Version: 2.0

Service Identifier: 70
Number of Cache Engines: 0
Number of routers: 0
Total Packets Redirected: 0
Redirect access-list: -none-
Total Connections Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0

 

debug wccp events

WCCP-EVNT: Using ACL API to delete redirect NP rules


WCCP-EVNT: Using ACL API to add redirect NP rules


WCCP-EVNT:D70: Here_I_Am packet from 192.168.140.2 w/bad rcv_id 00000000

WCCP-EVNT:D70: Here_I_Am packet from 192.168.140.2 w/bad rcv_id 00000000

WCCP-EVNT: Using ACL API to delete redirect NP rules


WCCP-EVNT: Using ACL API to add redirect NP rules

 

Kind regards 

Steffen

3 Replies 3

marce1000
VIP
VIP

 

 - FYI : https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117809-problemsolution-wsa-00.html

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi,

i already reconfigured WCCP on ASA and Squid, unfortunately with no success. I also tried standard service web-chache, with the same error.

kind regards

Steffen

 

 - FYI : https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117809-problemsolution-wsa-00.html

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: