Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
873
Views
0
Helpful
4
Replies

WCCP communication issue between ASA and WSA

Chirag Prajapati
Level 1
Level 1

‎07-28-2014 07:42 AM

Hi,

I am trying to setup wccp for my guest wifi setup for internet connectivity. I can see the traffic is redirected as per the below output but internet is not working on client system.

In my setup I have Client connected through wifi has default gateway as ASA and WSA connected to another interface of the same ASA. Communication flow will be like this. Attached network diagram.

Client --> ASA (inside) ---> WSA (ASA DMZ interface) ---> Internet 

Client subnet : 192.168.230.0/24

WSA inside : 10.231.47.0/26

WSA default route pointing to internet router.

============================

Below is the output from ASA.

sh wccp 90 detail

WCCP Cache-Engine information:
        Web Cache ID:          10.231.47.6
        Protocol Version:      2.0
        State:                 Usable
        Initial Hash Info:     00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:        256 (100.00%)
        Packets Redirected:    916
        Connect Time:          2d23h

Labels:
Preview file
122 KB
0 Helpful
4 Replies 4

Vance Kwan
Cisco Employee
Cisco Employee

‎07-28-2014 10:27 PM

This is an ASA limitation.  WCCP redirection is only supported when the client and the wccp device is behind the same ASA interface.

Are you able to utilize a second interface on the WSA and connect it to your Inside network?

0 Helpful

Chirag Prajapati
Level 1
Level 1
In response to Vance Kwan

‎07-28-2014 11:22 PM

Hi,

I have used both P1 & P2 for inside and internet connectivity. Not sure if i can use any other interface of WSA for this setup.

Any possibility to create subinterface on WSA?

Regards

Chirag

0 Helpful

Vance Kwan
Cisco Employee
Cisco Employee
In response to Chirag Prajapati

‎07-29-2014 09:34 AM

You can create a sub interface by going to the SSH and using the 'etherconfig' command, and adding a new interface and specify it to use a specific VLAN.  Not sure if it can work for your purposes though.

0 Helpful

Chirag Prajapati
Level 1
Level 1
In response to Vance Kwan

‎07-30-2014 03:42 AM

Thanks, I will try for subinterface.

As per my setup, WSA(Prosy) will direct all internet connection towards internet instead of ASA. 

1) Still i need NAT on ASA for my client subnet? (I dont think its required Pl confirm)

2) Do i need to configure WPAD (Pac file hosting) on WSA? My understandin is all internet traffic will be redirected by ASA to WSA hence no need of proxy script, Pl confirm.

3) if second step is not required then how client internet request will redirect to proxy through wccp on ASA on port 83 on which proxy is running.

Regards

Chirag

0 Helpful
Customers Also Viewed These Support Documents