Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1802
Views
0
Helpful
1
Replies

WCCP with ASA not working with Smoothwall

Go to solution
aarichmond
Level 1
Level 1

‎11-07-2017 05:14 AM - edited ‎02-21-2020 06:39 AM

Hi Experts, 

 

I've got an ASA 5550 running Software Version 9.1(7)19

 

I have the following Topology: 

 

LAN ----> ASA -----> Internet

 

Within the LAN on the ASA inside interface I have the smoothwall proxy configured for WCCP v2. It points at the ASA inside address 192.168.219.218. the smoothwall proxy has the IP of 192.168.249.113

 

I'm getting loads of authentication failures on wccp, which can be confirmed by the debugs:

 

LOANEXPO-EFWL# sh wccp

Global WCCP information:
Router information:
Router Identifier: -not yet determined-
Protocol Version: 2.0

Service Identifier: web-cache
Number of Cache Engines: 0
Number of routers: 0
Total Packets Redirected: 0
Redirect access-list: wccp
Total Connections Denied Redirect: 2
Total Packets Unassigned: 0
Group access-list: wccp-server
Total Messages Denied to Group: 0
Total Authentication failures: 697
Total Bypassed Packets Received: 0

Service Identifier: 70
Number of Cache Engines: 0
Number of routers: 0
Total Packets Redirected: 0
Redirect access-list: wccp-https
Total Connections Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: wccp-server
Total Messages Denied to Group: 0
Total Authentication failures: 493
Total Bypassed Packets Received: 0

 

LOANEXPO-EFWL# debug wccp events
LOANEXPO-EFWL#
WCCP-EVNT:D70: Here_I_Am packet from 192.168.249.113: authentication failure

WCCP-EVNT:S00: Here_I_Am packet from 192.168.249.113: authentication failure

 

I'm 100% sure the passwords in my WCCP config are correct and match the proxy configuration; I've changed the ACL's so many times and tried configuring without ACL's and encountering the same issues. 

 

WCCP config is below: (this is the current config, I've tried loads of variants)

 

LOANEXPO-EFWL# sh run wccp
wccp web-cache redirect-list wccp group-list wccp-server password *****
wccp 70 redirect-list wccp-https group-list wccp-server password *****
wccp interface inside web-cache redirect in
wccp interface inside 70 redirect in

 

LOANEXPO-EFWL# sh run access-list wccp
access-list wccp extended deny tcp host 192.168.249.113 any eq www
access-list wccp extended permit tcp any any eq www

 

LOANEXPO-EFWL# sh run access-list wccp-server
access-list wccp-server extended permit ip host 192.168.249.113 any

 

LOANEXPO-EFWL# sh run access-list wccp-https
access-list wccp-https extended deny ip host 192.168.249.113 any
access-list wccp-https extended permit tcp 192.168.0.0 255.255.0.0 any eq https

 

please can anyone help? I've never configured this before so don't want to waste TAC's time if it's a quick fix? 

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aarichmond
Level 1
Level 1

‎11-08-2017 11:26 PM

This is now fixed, Turned out to be an issue with the proxy interfaces, I also removed all authentication on the WCCP config too. 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
aarichmond
Level 1
Level 1

‎11-08-2017 11:26 PM

This is now fixed, Turned out to be an issue with the proxy interfaces, I also removed all authentication on the WCCP config too. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card