Hello,
We are trying to implement WCCP in our network for LAN and VPN users. Here's a little info about our network:
- WCCP redirection is configured on our Cisco 4500, which is connected directly to the proxy server
- We have 2 VPN appliances for remote access: VPN#1 is a Cisco ASA 5525 (IPsec IKEv1 VPN), and VPN#2 is a firewall from another vendor (SSL VPN)
- The DHCP server for VPN users is on each respective firewall
We have successfully set up WCCP on our Cisco 4500. Here's the configuration snippet:
ip wccp 0 group-list 22 password XXX
!
interface GigabitEthernet5/1
 description PROXY_SERVER
 no switchport
 ip address 10.10.11.1 255.255.255.252
!
interface GigabitEthernet5/2
 description CONNECT_TO_LAN
 no switchport
 ip address 10.10.11.4 255.255.255.252
 ip wccp 0 redirect in
!
interface GigabitEthernet5/3
 description CONNECT_TO_FW_VPN1 (ASA)
 no switchport
 ip address 10.10.10.1 255.255.255.0
 ip wccp 0 redirect in
!
interface GigabitEthernet5/4
 description CONNECT_TO_FW_VPN2
 no switchport
 ip address 10.10.20.1 255.255.255.250
 ip wccp 0 redirect in
!
access-list 22 permit 10.10.11.2
We have no issue with our proxy server configuration, as our LAN and VPN#2 users can successfully browse the internet transparently after the WCCP implementation. (WCCP redirection works.)
But our VPN#1 users, who are served by the ASA, are unable to browse the internet without explicit proxy configuration.
The same redirection is applied on those 3 links (LAN, VPN#1, and VPN#2), so why is it not working only on VPN#1? Please advise.
Here's the snippet of our deployment showing our Cat 4500 and ASA
FYI:
- Our other firewall (VPN#2) is deployed in the same condition as the ASA, where the inside interface is in the same IP subnet as the VPN users.
- Please don't go off topic and talk about solutions such as split-tunneling, etc.; we just want to focus on WCCP in this topic.
Thank you