Redirect http and https traffic from ASA 5520 via squid

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Guest

Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 8:06 am

Hi, Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian for web filtering. Can someone guide me the steps in getting all http and https traffic from ASA go via my squid? Any help greatly appreciated. Thanks, Ribin

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 8:55 am

The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee).  I had a client that used squid for a proxy and they used a GPO or script to force a browser to use it.

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 9:06 am

I certainly believe that we can redirect traffic via squid. I have seen some posts which does this using wccp. My current config is below: access-list wccp-servers permit ip host 192.168.40.201 anyaccess-list wccp-traffic permit ip 192.168.40.0 255.255.255.0 any wccp web-cache group-list wccp-servers redirect-list wccp-trafficwccp interface Management web-cache redirect inwccp interface inside web-cache redirect in 192.168.40.201 is my proxy server ip But I think there is nothing happening in the ASA: ASA(config)# sh wccp interfaces WCCP interface configuration:    GigabitEthernet0/1        Output services: 0        Input services:  1        Mcast services:  0        Exclude In:      FALSE     Management0/0        Output services: 0        Input services:  1        Mcast services:  0        Exclude In:      FALSE ASA(config)# sh wccp Global WCCP information:    Router information:        Router Identifier:                   -not yet determined-        Protocol Version:                    2.0     Service Identifier: web-cache        Number of Cache Engines:             0        Number of routers:                   0        Total Packets Redirected:            0        Redirect access-list:                wccp-traffic        Total Connections Denied Redirect:   0        Total Packets Unassigned:            0        Group access-list:                   wccp-servers        Total Messages Denied to Group:      0        Total Authentication failures:       0        Total Bypassed Packets Received:     0 Any help? - Ribin - Ribin

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 10:34 am

Fair enough.  Not having implemented WCCP on the ASA, I can be of help with this.  However, a quick google search came up with this: http://parvinderbhasin.blogspot.com/200 ... setup.html HTH

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 10:55 am

Yep...I did the configuration using the same url. Thanks for your time. Can some one see whether there is any issue with my wccp configuration? - Ribin

Post Reply