cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5144
Views
0
Helpful
4
Replies

Configuring WCCP on a Cisco ASA via ASDM GUI - How To

This document will outline a simple WCCP configuration on a Cisco ASA (Adaptive Security Appliance) via the Cisco ASDM graphical interface. This document assumes that “Transparent Redirection” has been previously configured on the IronPort S-Series.

For this example, the IronPort S-Series is configured with the following settings:

On the IronPort S-Series, under the “Network” tab and “Transparent Redirection”, “Transparent Redirection Device Type” is set to “WCCP v2 Router”.

With the “Service Profile” added, the “Service” is set to “Standard service ID: 0 web-cache (destination port 80)” and the “Router IP Addresses” is set to “192.168.15.1”

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp1.jpg[/img:d8912c6ee2]

Start by launching the “Cisco ADSM Launder” application. If the “Cisco ADSM Launder” application is not already loaded, in most cases this can be obtained by opening a web browser and establishing an https connection to the ASA’s IP address.

In this example it would be https://192.168.15.1

Once the “Cisco ASDM Launder” application is installed and loaded, login to the Cisco ASA by providing the “IP Address”, “Username”, and “Password” and select the “OK” button to proceed.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp2.jpg[/img:d8912c6ee2]

When logged in, the “Home” screen which will display a general overview device dashboard of the Cisco ASA device.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp3.jpg[/img:d8912c6ee2]

Proceed by selecting the “Configuration” button located to the right of the “Home” button. Then select the “Device Management” section located in the bottom left hand corner.

Next, under the “Device Management” navigation tree, expand “Advanced” and “WCCP”.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp4.jpg[/img:d8912c6ee2]

Next, click the “Add” button located on the right hand side.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp5.jpg[/img:d8912c6ee2]

The “Add WCCP Redirection” dialog box will appear. Select the interface you will be redirecting traffic from by clicking the “Interface” drop down box. Then click the “New” button.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp6.jpg[/img:d8912c6ee2]

The “Add Service Group” dialog box will appear. Next to “Service” select the “Web Cache” radio button. Then click the “OK” button.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp7.jpg[/img:d8912c6ee2]

Once returned to the “Add WCCP Redirection” dialog box, note the “Interface” and “Service Group” sections now have values.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp8.jpg[/img:d8912c6ee2]

Finally, click the “OK” button to finish configuring WCCP on the Cisco ASA.

To check that WCCP is configured correctly and redirecting traffic, telnet (or SSH) to the Cisco ASA and login with “enable mode” privileges.

Run the command “show wccp”. If all is setup correctly the “Router Identifier” IP address will display along with an incrementing count next to “Total Packets Redirected”.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp9.jpg[/img:d8912c6ee2]

Furthermore, at the CLI type “show wccp web-cache detail”. This will show the “WCCP Cache –Engine Information”. Ensure the value next “State” reads “Usable”.

[img:d8912c6ee2]http://users.ctinet.net/cki/ironport/asa-wccp10.jpg[/img:d8912c6ee2]

4 Replies 4

angfeglandagan
Level 1
Level 1

great post.....

jowolfer
Level 1
Level 1

Agreed. Thanks for taking the time to provide this information!

This is undoubtedly really helpful for first time WCCPers.

The only thing I'd add is support for HTTPs. Basically follow the same instructions except that instead of adding "web-cache" for the service enter the number 70 as the dynamic service number. Do this on both the ASA and the WSA and then you'll have HTTPs support as well (of course you need to turn on HTTPs support on the WSA).

This is a handy reference of service numbers used by WCCP:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v52/configuration/local/guide/refapp.html#wp1037435

This is a handy post however at least for me this only works for one virtual"sub" interface only.This is what I found out since I have multiple vlans sub-interfaces on the ASA.

According to TAC this a secuirty feature of the ASA that prevents wccp from being redirect to more than one interface.According to TAC this is why the url-filter command was made however as far as I know the WSA doesnt support this command.

Hopefully since ironport and cisco are the same company they can get toghther and get this feature working.