Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Hi, Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian for web filtering. Can someone guide me the steps in getting all http and https traffic from ASA go via my squid? Any help greatly appreciated. Thanks, Ribin
The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee). I had a client that used squid for a proxy and they used a GPO or script to force a browser to use it.
I certainly believe that we can redirect traffic via squid. I have seen some posts which does this using wccp. My current config is below: access-list wccp-servers permit ip host 192.168.40.201 anyaccess-list wccp-traffic permit ip 192.168.40.0 255.255.255.0 any wccp web-cache group-list wccp-servers redirect-list wccp-trafficwccp interface Management web-cache redirect inwccp interface inside web-cache redirect in 192.168.40.201 is my proxy server ip But I think there is nothing happening in the ASA: ASA(config)# sh wccp interfaces WCCP interface configuration: GigabitEthernet0/1 Output services: 0 Input services: 1 Mcast services: 0 Exclude In: FALSE Management0/0 Output services: 0 Input services: 1 Mcast services: 0 Exclude In: FALSE ASA(config)# sh wccp Global WCCP information: Router information: Router Identifier: -not yet determined- Protocol Version: 2.0 Service Identifier: web-cache Number of Cache Engines: 0 Number of routers: 0 Total Packets Redirected: 0 Redirect access-list: wccp-traffic Total Connections Denied Redirect: 0 Total Packets Unassigned: 0 Group access-list: wccp-servers Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 Any help? - Ribin - Ribin
Fair enough. Not having implemented WCCP on the ASA, I can be of help with this. However, a quick google search came up with this: http://parvinderbhasin.blogspot.com/200 ... setup.html HTH
Yep...I did the configuration using the same url. Thanks for your time. Can some one see whether there is any issue with my wccp configuration? - Ribin