Dual S170 Install

NRVCS-cisco
Level 1
I have received 2 - S170 appliances that I will be installing in our network and I would like some suggestions and help as to what would be the best way to implement them and the process of configuration. I currently have an ASA 5510 and a Catalyst 4507 with 5 - WS-X4648-RJ45V+E and 2 WS-X45-SUP6L-E modules in it. I have attached a quick and dirty network layout.

Any help would be greatly appreciated.

Thank you all

Install 1 WSA using this, get it working the way you want it to....

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns982/sba_webSec_dg.pdf

I'd suggest putting P1 and T1 on the 10.1.6.x network, put the management connection anywhere else...

Get the second box on the network with its own IPs, joined to the domain.

Then get the configuration file off of the first box, edit out the unique network/AD stuff and upload it to the second box, and import it.

Then modify the WCCP ACL on the firewall so as to not redirect traffic coming from the WSAs (otherwise you get loops).

It will look something like this:

     access-list WCCP_Redirect extended deny ip any object-group InternalStuff
     access-list WCCP_Redirect extended deny ip host 10.1.6.11 any
     access-list WCCP_Redirect extended deny ip host 10.1.6.12 any
     access-list WCCP_Redirect extended permit ip object-group InternalStuff any

Hope that helps!

Ken
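The redirect ACL in the reply above can be checked offline before it goes on the firewall. This is an added example, not part of the original post or of any Cisco tool: it evaluates the four lines first-match against sample flows to confirm that traffic from the two WSAs is never redirected. The contents of `InternalStuff` (10.1.0.0/16) and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: members of object-group InternalStuff (not given in the thread).
OBJECT_GROUPS = {"InternalStuff": ["10.1.0.0/16"]}

# The redirect ACL exactly as posted in the reply above.
ACL = """\
access-list WCCP_Redirect extended deny ip any object-group InternalStuff
access-list WCCP_Redirect extended deny ip host 10.1.6.11 any
access-list WCCP_Redirect extended deny ip host 10.1.6.12 any
access-list WCCP_Redirect extended permit ip object-group InternalStuff any
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | object-group G) from tokens."""
    kind = tokens.pop(0)
    if kind == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if kind == "host":
        return [ipaddress.ip_network(tokens.pop(0) + "/32")]
    if kind == "object-group":
        return [ipaddress.ip_network(n) for n in OBJECT_GROUPS[tokens.pop(0)]]
    raise ValueError(f"unsupported address spec: {kind}")

def parse_acl(text):
    """Parse 'access-list NAME extended ACTION ip SRC DST' lines in order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, rest = tokens[3], tokens[5:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        rules.append((action, src, dst))
    return rules

def redirected(rules, src, dst):
    """First-match evaluation; True means the flow is redirected to the WSAs."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, srcs, dsts in rules:
        if any(s in n for n in srcs) and any(d in n for n in dsts):
            return action == "permit"
    return False  # implicit deny at the end of the ACL: not redirected

RULES = parse_acl(ACL)

if __name__ == "__main__":
    # Constructed sample flows: client to web, WSA to web, client to internal.
    for src, dst in [("10.1.20.5", "203.0.113.10"), ("10.1.6.11", "203.0.113.10"), ("10.1.20.5", "10.1.6.50")]:
        print(src, "->", dst, "redirect" if redirected(RULES, src, dst) else "bypass")
```

Because evaluation is first-match, the two `deny ... host` lines only prevent the loop while they sit above the final `permit`.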

Ken,

Thank you for your quick response. When I set up the second one and have both of them running, will they then load balance the traffic between the two?

Yes, though the WCCP process on the firewall is what's doing the work.

If you look at the WCCP service there's a radio button to pick if you base it on server address or client address.