The ASA must be running minimum 7.2.1 code to be able to configure WCCP feature.
The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.
Router ID is chosen as the highest IP address configured on the ASA. If that happens to the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.
How wccp works
PC makes a request to a website.
ASA receives the request and re-directs it to the wccp server in an encapsulated GRE packet to avoid any modifycations to the original packet.
WCCP receives the packet and sends the response directly to the PC.
Step by Step Configuration
1. Configure an access-list containing all members of WCCP servers.
There is only one WCCP server in this example.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
2. Create an access-list of the traffic that needs to be re-directed to WCCP
The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list. The access list should only contain network addresses. Port-specific entries are not supported.
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
Dear Expertsi have a currently FMC 750 managing FP 7110 , i want to migrate to FMC 1600 but the migration guide has no documentation to such model becz FM750 replacement is FMC 1000 and currently fmc1000 is also end of sale and replacement is FMC 1600,&nb...
Hi All- I have an ISE 2.7 cluster - two admin nodes and three PSNs. I have an AD External Identity Source that I use for computer based EAP-TLS authentication. We currently have about 10 domain controllers, several of whi...
Hi All,I currently have my ASA configured to authenticate against a RADIUS server for remote access VPN. The RADIUS server is setting the 'Class' attribute with a list of the users groups and I'd like to configure dynamic access policies using this inform...
Can you have a permit command set to allow a help-desk user to shut/no shut a particular interface or a limited range of interfaces on a switch without giving them access to the entire conf t command. What would the cmd and argument look like?