cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
934
Views
10
Helpful
5
Replies
Highlighted
Beginner

IP Spoofing and WCCP

hi,

can someone help me with this statement from cisco guide when doing transparent proxy using wccp and enabling ip spoofing:- this is mentioned i am not understanding.

"When IP spoofing is enabled and the appliance is connected to a WCCP router, you must configure two WCCP services: one based on source ports and one based on destination ports."

5 REPLIES 5
Highlighted
Cisco Employee

Hi Nitesh

Hi Nitesh

Thanks for reaching out,  Separate service ID needed for return traffic. 

Regards,

Zack

Highlighted
Beginner

Hi Shaikh,

Hi Shaikh,

But there is no configuration example which states that when ip spoofing needs to be enabled to have both ways?

so if we are using 0 and 90 or 98 for for destination port as service id. which service id needs to be used for source port for service id?

Highlighted
Cisco Employee

Hi Nitesh

Hi Nitesh

IP spoofing is not required to function WCCP, and will work just fine without it.  If you do like to configure WCCP with the IP Spoofing and having issues,  Please create a TAC case so we can help you quickly.

https://supportforums.cisco.com/document/12162701/wsa-training-series-how-configure-web-proxy-cisco-web-security-appliance

https://techzone.cisco.com/t5/Web-Security-Appliance-WSA/IP-spoofing-with-multiple-Ironport-and-multiple-router-switch/ta-p/271222

Many Thanks

Zack

Highlighted
Beginner

Dear Zack,

Dear Zack,

cant access that techzone.

For TAC its problem as the fortigate is the wccp server so they wont be able to help on that level.

Fortigate has same nat and wccp acl so when we are sending packets to wsa we are getting only ip address of NAT to WSA so we want to enable ip spoof and then remove nat from fortigate policy and just use wccp on the acl. 

Highlighted
Cisco Employee

Hi, This document might help

Hi, This document might help you to get better understanding on IP Spoofing with WCCP.d