03-21-2019 06:42 AM
I'd like to use ASA WCCP to redirect to a couple of Cisco WSA appliances for redundancy. I want to have a dedicated Primary WSA appliance which will service all WCCP requests and a Backup WSA appliance only to be used If the Primary fails.
I have both WSA in the same service group. WCCP requests are randomly being load balanced across both WSA's. I have tried manipulating the WCCP weights on the WSA's and traffic still load balances.
I also tried a separate service group for each WSA and the traffic is still being load balanced.
Is it possible to redirect all WCCP packets to a Primary WSA and only use the backup in the event of a primary WSA failure.
Any thoughts appreciated.
Ian
03-21-2019 06:48 AM - edited 03-21-2019 06:49 AM
here is the example guide for your requirement :
https://www.cisco.com/c/en/us/td/docs/security/asa/special/wccp/guide/asa-wccp.html
Look also some caveats also, why not implement Active/Active ?
when the device fails WCCP automatically remove from List.
03-21-2019 07:28 AM
Hi BB,
Thanks for your update. Within the document I cannot find ta solution that would give me an active/standby WCCP for my WSA appliances.
The WSA are in different DC's and the bandwidth between DC's is limited. Therefor I would prefer to use the WSA in the Primary DC and only use the Standby WSA in DC2 in the event of a WSA failure in DC1.
thanks
Ian
03-21-2019 09:13 AM
Do you have any high level topology to look, how your failover exiting enviroment works ? so we can advise best possible way to deploy.
04-01-2019 07:26 AM
WSA- GUI
Transparent Redirection Device - > Edit Device - >Choose WCCP -. Summit ->Commit
Add Service -
Dynamic service ID : 90
Port number: 80, 443
option :
-Redirect based on destination port
-Load balance based on server address
Router IP Address : 192.168.60.179
Advanced -
Load-Balacing method (Allow Hash only)
Forwarding Method (Allow GRE only)
Return Method (Allow GRE only)
Summit - > Commit
WSA-CLI
advancedproxyconfig
WCCP
ASA
access-list WCCP_REDIRECT_IN line 1 extended permit tcp 192.168.60.0 255.255.255.0 any eq www
access-list WCCP_REDIRECT_IN line 2 extended permit tcp 192.168.60.0 255.255.255.0 any eq 443
wccp 90 redirect-list WCCP_REDIRECT_IN
wccp interface inside ?
wccp interface inside 90 redirect in
sh wccp
03-21-2019 08:32 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide