cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

Beginner

WCCPv2 problem on ASA - IronPort WSA

Hi All,

I have to deploy 2 S360 WSA's in my customers network. I have to deploy transparent rediraction using wccp deployment model...

S360 appliances are logically connected to ASA inside segment (from that segment my users are comming). So that should be no problem (ASA WCCP documentation requres WSA and users to be on the same segment).

The problem was thath WCCP was not able to exchange keepalive information with ASA.

WSA is clearly sending Here I am packets, but is not receiving response from ASA !

On firewall, there is no access list that could prevent WCCP from bringing the service up.

In ASA logs we have log about received UDP connection on 2048 port (so ASA received wccp hello), but we do not se outbound connection...

We configured Inside segment IP address as Web-cache IP on WSA. I noticed that in some cases this can be a problem (especially if configured wccp router ID ip address is not the biggest one on ASA - this policy is not officially documented and, really looks unsane especially if we consider that ASA is security appliance...).

Anyway, debug pf wccp events and packets shows wrong web-cache ID message (or something similar). ID's are the same on ASA and on WSA... There is no problem in the configuration !!!

ASA OS version 8.2.2...

Hope someone will help, and had the similar problems...

Regards,

Ana

Who Me Too'd this topic