I am trying to setup wccp for my guest wifi setup for internet connectivity. I can see the traffic is redirected as per the below output but internet is not working on client system.
In my setup I have Client connected through wifi has default gateway as ASA and WSA connected to another interface of the same ASA. Communication flow will be like this. Attached network diagram.
Client --> ASA (inside) ---> WSA (ASA DMZ interface) ---> Internet
Client subnet : 192.168.230.0/24
WSA inside : 10.231.47.0/26
WSA default route pointing to internet router.
Below is the output from ASA.
sh wccp 90 detail
WCCP Cache-Engine information:
Web Cache ID: 10.231.47.6
Protocol Version: 2.0
Initial Hash Info: 00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 916
Connect Time: 2d23h
This is an ASA limitation. WCCP redirection is only supported when the client and the wccp device is behind the same ASA interface.
Are you able to utilize a second interface on the WSA and connect it to your Inside network?
I have used both P1 & P2 for inside and internet connectivity. Not sure if i can use any other interface of WSA for this setup.
Any possibility to create subinterface on WSA?
You can create a sub interface by going to the SSH and using the 'etherconfig' command, and adding a new interface and specify it to use a specific VLAN. Not sure if it can work for your purposes though.
Thanks, I will try for subinterface.
As per my setup, WSA(Prosy) will direct all internet connection towards internet instead of ASA.
1) Still i need NAT on ASA for my client subnet? (I dont think its required Pl confirm)
2) Do i need to configure WPAD (Pac file hosting) on WSA? My understandin is all internet traffic will be redirected by ASA to WSA hence no need of proxy script, Pl confirm.
3) if second step is not required then how client internet request will redirect to proxy through wccp on ASA on port 83 on which proxy is running.