The ASA must be running minimum 7.2.1 code to be able to configure WCCP feature.
The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.
Router ID is chosen as the highest IP address configured on the ASA. If that happens to the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.
How wccp works
PC makes a request to a website.
ASA receives the request and re-directs it to the wccp server in an encapsulated GRE packet to avoid any modifycations to the original packet.
WCCP receives the packet and sends the response directly to the PC.
Step by Step Configuration
1. Configure an access-list containing all members of WCCP servers.
There is only one WCCP server in this example.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
2. Create an access-list of the traffic that needs to be re-directed to WCCP
The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list. The access list should only contain network addresses. Port-specific entries are not supported.
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
A client has an existing ISE 2.4 setup doing Cert Auth for Windows 7 machines using SSID-A, this is currently working fine. They are in the process of migrating to windows 10 where they have built a new internal CAInitial thought on migration is toInstall...
Hi all, i'm finding it a bit of a minefield determining if the FPR-2100-NGFW is EAL4 certified (common criteria) https://www.commoncriteriaportal.org/products/ According to the CC site it is not, however this link from Cisco suggests that it is ...
Hello all , We suddenly start facing an issue with logs on WSA SMA . We had an issue with NTP in our network which was fixed and since then we are not able to see logs on SMA .The last logs we can see are the logs before the ntp issue was appear...