The ASA must be running minimum 7.2.1 code to be able to configure WCCP feature.
The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.
Router ID is chosen as the highest IP address configured on the ASA. If that happens to the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.
How wccp works
PC makes a request to a website.
ASA receives the request and re-directs it to the wccp server in an encapsulated GRE packet to avoid any modifycations to the original packet.
WCCP receives the packet and sends the response directly to the PC.
Step by Step Configuration
1. Configure an access-list containing all members of WCCP servers.
There is only one WCCP server in this example.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
2. Create an access-list of the traffic that needs to be re-directed to WCCP
The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list. The access list should only contain network addresses. Port-specific entries are not supported.
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
Hi. I'm the network admin for my organization and we've been having some security issues on our network recently so I'm trying to investigate using wireshark. But my issue is that wireshark only captures packets that come to my device's network inter...
Cisco Router 2911, there are two problems:1. SSL from outside not working. From outside I mean to access router on WAN Port from my home. 2. Ping Router WAN Port from outside i.e. from my home. Complete configuration is as follows, please ...
Hello Guys, I am using cisco 2802 AP as WLC and using ISE for AAA. Clients should be authenticate by using EAP-TLS. I am getting these errors: 5411 Supplicant stopped responding to ISE 12931 Supplicant stopped responding to ISE af...
Hi, my Customer has some strange behaviors on his Switches with some clients.First the config (Closed Mode): aaa group server radius ISE
server name cisco-nac01
server name cisco-nac02
aaa authentication dot1x default group ISE
i have a cat 9704 core which is configured as a dhcp server for out data and voice.it is configured to provide 10.0 range to PCs and 20.0 range to ip phones. now am having 3 ip phones getting ip address in 10.0 range.I tried clear ip address binding comma...