The ASA must be running minimum 7.2.1 code to be able to configure WCCP feature.
The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.
Router ID is chosen as the highest IP address configured on the ASA. If that happens to the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.
How wccp works
PC makes a request to a website.
ASA receives the request and re-directs it to the wccp server in an encapsulated GRE packet to avoid any modifycations to the original packet.
WCCP receives the packet and sends the response directly to the PC.
Step by Step Configuration
1. Configure an access-list containing all members of WCCP servers.
There is only one WCCP server in this example.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
2. Create an access-list of the traffic that needs to be re-directed to WCCP
The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list. The access list should only contain network addresses. Port-specific entries are not supported.
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
How can I download (export) the private key of the self-signed certificate created through Object > PKI > Internal CAs ? The Firepower self-signed certificate is to be installed on corporate computers as Trusted Authority and used by FTD for ou...
Trying to migrate a policy config from S370 WSA device to virtual WSA. The policy import throws an error:
Certificates signature verification failed due to Credential Encryption certificate
After replacing the proxy_config_gen...
Working with a lab 5506-x and c3560cx and throwing some OSPF at it to see what sticks. I want the ASA to route to the internet, but I have three Vlans on the switch with SVIs for each subnet. I have NAT working on the ASA out to the internet, b...
I have a Hotspot guest portal setup that has a button that links to a sponsored guest portal to allow certain account to sign in and get elevated access. The button works fine on Android and Windows OS. On iOS devices the customer is gettin...
I have a site to site VPN tunnel setup on an ASA device. The tunnel is up and running and traffic is restricted to a single host on my side. The customer has asked for access to another host on my side via the same tunnel to port 7607. The tunnel uses pub...