The ASA must be running minimum 7.2.1 code to be able to configure WCCP feature.
The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.
Router ID is chosen as the highest IP address configured on the ASA. If that happens to the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.
How wccp works
PC makes a request to a website.
ASA receives the request and re-directs it to the wccp server in an encapsulated GRE packet to avoid any modifycations to the original packet.
WCCP receives the packet and sends the response directly to the PC.
Step by Step Configuration
1. Configure an access-list containing all members of WCCP servers.
There is only one WCCP server in this example.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
2. Create an access-list of the traffic that needs to be re-directed to WCCP
The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list. The access list should only contain network addresses. Port-specific entries are not supported.
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
I need to setup 5525-X with FireSight 750 from the scratch. (complete wipe out and rebuild) What is the stable version for the following1) ASA IOS =2) ASA ASDM = 3) SFR Boot Image = 4) SFR Package = 5) FireSight 750 Boot Image = &...
hello everyone, who can help me ? Products used :anyconnect version 184.108.40.206ISE VERSION 2.4Complaince module Windows 4.3.642.6144Description problem: 5238 Endpoint authentication problem was fixed before the posture and anyconnect configu...
Let's say you have a ASA firewall in between two end points (say another firewall and router) where a IPSEC tunnel is built on - basically you have an ASA that must pass IPSEC traffic.The ASA firewall must pass isakmp and esp services and just the subnet ...
Products used :anyconnect version 220.127.116.11ISE VERSION 2.4 Complaince module Windows 4.3.642.6144Architecture : ( Schéma ci-joint) description problem: 5238 Endpoint authentication problem was fixed log before the posture and anyconnect configu...