05-02-2016 12:09 PM
Hi,
Can someone help me with this statement from the Cisco guide about doing transparent proxy using WCCP and enabling IP spoofing? This is what is mentioned, and I am not understanding it:
"When IP spoofing is enabled and the appliance is connected to a WCCP router, you must configure two WCCP services: one based on source ports and one based on destination ports."
05-02-2016 12:23 PM
Hi Nitesh
Thanks for reaching out. A separate service ID is needed for return traffic.
Regards,
Zack
05-02-2016 01:12 PM
Hi Shaikh,
But there is no configuration example which states that, when IP spoofing needs to be enabled, we have to have both ways?
So if we are using 0 and 90 or 98 as the service ID for the destination port, which service ID needs to be used for the source port?
05-02-2016 01:21 PM
Hi Nitesh
IP spoofing is not required for WCCP to function, and it will work just fine without it. If you would like to configure WCCP with IP spoofing and are having issues, please create a TAC case so we can help you quickly.
https://supportforums.cisco.com/document/12162701/wsa-training-series-how-configure-web-proxy-cisco-web-security-appliance
https://techzone.cisco.com/t5/Web-Security-Appliance-WSA/IP-spoofing-with-multiple-Ironport-and-multiple-router-switch/ta-p/271222
Many Thanks
Zack
05-02-2016 01:54 PM
Dear Zack,
I can't access that TechZone link.
For TAC it's a problem, as the FortiGate is the WCCP server, so they won't be able to help on that level.
The FortiGate has NAT and the WCCP ACL on the same policy, so when we are sending packets to the WSA, the WSA is getting only the NAT IP address. So we want to enable IP spoofing, then remove NAT from the FortiGate policy and just use WCCP on the ACL.
05-04-2016 05:13 PM