cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1919
Views
10
Helpful
5
Replies

IP Spoofing and WCCP

hi,

can someone help me with this statement from cisco guide when doing transparent proxy using wccp and enabling ip spoofing:- this is mentioned i am not understanding.

"When IP spoofing is enabled and the appliance is connected to a WCCP router, you must configure two WCCP services: one based on source ports and one based on destination ports."

5 Replies 5

Atazazuddin Shaikh
Cisco Employee
Cisco Employee

Hi Nitesh

Thanks for reaching out,  Separate service ID needed for return traffic. 

Regards,

Zack

Hi Shaikh,

But there is no configuration example which states that when ip spoofing needs to be enabled to have both ways?

so if we are using 0 and 90 or 98 for for destination port as service id. which service id needs to be used for source port for service id?

Hi Nitesh

IP spoofing is not required to function WCCP, and will work just fine without it.  If you do like to configure WCCP with the IP Spoofing and having issues,  Please create a TAC case so we can help you quickly.

https://supportforums.cisco.com/document/12162701/wsa-training-series-how-configure-web-proxy-cisco-web-security-appliance

https://techzone.cisco.com/t5/Web-Security-Appliance-WSA/IP-spoofing-with-multiple-Ironport-and-multiple-router-switch/ta-p/271222

Many Thanks

Zack

Dear Zack,

cant access that techzone.

For TAC its problem as the fortigate is the wccp server so they wont be able to help on that level.

Fortigate has same nat and wccp acl so when we are sending packets to wsa we are getting only ip address of NAT to WSA so we want to enable ip spoof and then remove nat from fortigate policy and just use wccp on the acl. 

Hi, This document might help you to get better understanding on IP Spoofing with WCCP.d

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: