The ASA must be running minimum 7.2.1 code to be able to configure WCCP feature.
The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client without going through the adaptive security appliance.
Router ID is chosen as the highest IP address configured on the ASA. If that happens to the DMZ interface or the outside interface IP address, then the WCCP server has to have a route to get to that Router-ID address pointing to the ASA's interface.
How wccp works
PC makes a request to a website.
ASA receives the request and re-directs it to the wccp server in an encapsulated GRE packet to avoid any modifycations to the original packet.
WCCP receives the packet and sends the response directly to the PC.
Step by Step Configuration
1. Configure an access-list containing all members of WCCP servers.
There is only one WCCP server in this example.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any
2. Create an access-list of the traffic that needs to be re-directed to WCCP
The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list. The access list should only contain network addresses. Port-specific entries are not supported.
ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
Do I need a Cisco ISE device admin license for every PSN I enable the service on? For example: If I enabled the device admin service on 5 of my policy nodes. Does this mean I would need 5 device admin licenses installed on the primary admin node?
Hello, I have an urgent problem I just reimage a firepower 2120 from ASA to FTD.My users connect with Anyconnect to a FTD 2120, and this firewall have a Site to Site VPN to an Azure tenant which host the virtual machines.The users can access the loca...
Hi,In an existing network setup i have an ASA with route based tunnels to Microsoft Azure and AWS.How would i allow for remote vpn connections (Anyconnect) to access the resources over these tunnels? As i also have vpn tunnels to other sites.I am afr...