Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
5
Helpful
1
Replies

WCCP V2 Question (Redirect https)

akshaycjoshi
Level 1
Level 1

‎12-24-2013 05:48 AM - edited ‎03-07-2019 05:13 PM

Hello all

I have been successful in implementing wccp in my multiple vlan environment.

Router is Cisco 2921

G0/0 - Internet

G0/1 - Squid Proxy

G0/2 - Clients in multiple vlans

Here is the config:

ip wccp web-cache redirect-list 120

interface GigabitEthernet0/2.1

encapsulation dot1Q 3

ip address 172.16.1.1 255.255.255.0

ip wccp web-cache redirect in

ip nat inside

interface GigabitEthernet0/2.2

encapsulation dot1Q 2

ip address 172.16.2.1 255.255.255.0

ip wccp web-cache redirect in

ip nat inside

interface GigabitEthernet0/2.3

encapsulation dot1Q 3

ip address 172.16.3.1 255.255.255.0

ip wccp web-cache redirect in

ip nat inside

access-list 120 remark REDIRECTION_CRITERIA

access-list 120 deny   ip host 192.168.1.2 any

access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www

access-list 120 deny   ip any any

I have some questions:

1) In the command "ip wccp web-cache redirect-list 120", "redirect-list 120" is not required since all vlans are clients.

using  ip wccp web-cache redirect in under all subinterfaces alone would work.

Am I correct ?

2) How can I redirect HTTPS traffic to my squid proxy.

Labels:
0 Helpful
1 Reply 1

alexey.bogatikov
Level 1
Level 1

‎12-24-2013 06:01 PM

Hello,

1. "ip wccp web-cache redirect in"

It would work if you squid proxy have another default gateway to internet.

Otherwise the traffic from the SQUID is also forwarded. You have to use different interfaces for users and squid. On sabinterfeyse vlan SQUID you should not use a configuration wccp

2. Web-cache permit only http. You must configuring Dynamic WCCP.

some example:

in global:

ip wccp 120 redirect-list 120

access-list 120 remark REDIRECTION_CRITERIA

access-list 120 deny   ip host 192.168.1.2 any

access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq 443

access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq 443

access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq 443

access-list 120 deny   ip any any

on interface:

ip wccp 120 redirect in


See link below for more information

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-wccp.html#GUID-5E9AE273-1AFD-4598-9325-85F8C822D168

Best regards

Customers Also Viewed These Support Documents