Redirect http and https traffic from ASA 5520 via squid

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 11:23 am

I see two redirect interfaces

    wccp web-cache group-list wccp-servers redirect-list wccp-traffic
    wccp interface Management web-cache redirect in
    wccp interface inside web-cache redirect in

Where are your hosts browsing? Behind what interface? Your hosts need to be behind the same interface as the wccp engine, that is a requirement.

I hope it helps. PK

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 11:31 am

All hosts are in 192.168.40.0/24 network and my proxy server is also in 40 n/w. - Ribin

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 12:04 pm

My scenario is like below:

    Users (in 192.168.40.0/24 n/w) ------- Layer 3 switch (default g/w of all traffic is 192.168.30.1) ------------ (192.168.30.8) ASA -------- Internet

Management interface IP of ASA is 192.168.40.8 and inside interface IP is 192.168.30.8. Squid server is connected in Layer 3 switch with IP 192.168.40.201. All users are in 192.168.40.0/24 n/w.

- Ribin

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 1:12 pm

Your hosts need to be behind the same interface as your squid. The squid needs to be able to send the pages to the hosts directly, not through the ASA. To begin with I would try just the

    wccp web-cache redirect-list wccp-traffic
    wccp interface Management web-cache redirect in

Make sure the management interface has the command "no management-only". Then see if the ASA redirects and if he sees the squid "sh wccp" commands.

I hope it helps. PK

Guest

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 1:46 pm

Hi,

My show wccp command output is below:

    ASA(config)# sh wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   -not yet determined-
            Protocol Version:                    2.0

        Service Identifier: web-cache
            Number of Cache Engines:             0
            Number of routers:                   0
            Total Packets Redirected:            0
            Redirect access-list:                wccp-traffic
            Total Connections Denied Redirect:   0
            Total Packets Unassigned:            0
            Group access-list:                   wccp-servers
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0

It seems nothing is happening. I did the "no management-only" command in my management interface.

- Ribin
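
An added example, not part of any post in this thread: a small Python parser for the "sh wccp" output posted above that flags the counters relevant to whether the squid has registered with the ASA. The function names are hypothetical and the finding texts are an interpretation of the counters, not Cisco's wording.

```python
import re

# "sh wccp" output as posted in the thread above.
SAMPLE = """\
Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
"""

def parse_show_wccp(text):
    parsed = {"router": {}, "services": {}}
    section = parsed["router"]
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if not m:
            continue  # blank lines and headings like "Router information:"
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Service Identifier":
            section = parsed["services"].setdefault(value, {})
        else:
            section[key] = int(value) if value.isdigit() else value
    return parsed

def diagnose(parsed):
    """Interpret the counters (an assumption-labelled reading, see lead-in)."""
    out = []
    if parsed["router"].get("Router Identifier", "").startswith("-not"):
        out.append("router identifier not yet determined")
    for name, svc in parsed["services"].items():
        if svc.get("Total Messages Denied to Group", 0):
            out.append(f"{name}: cache messages rejected by group access-list")
        if svc.get("Total Authentication failures", 0):
            out.append(f"{name}: WCCP password mismatch")
        if svc.get("Number of Cache Engines", 0) == 0:
            out.append(f"{name}: no cache engine registered")
    return out
```

For the posted output, `diagnose(parse_show_wccp(SAMPLE))` reports an undetermined router identifier and no registered cache engine; with the group and authentication counters also at zero, that suggests the ASA has not rejected any registration from the squid but has not accepted one either.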
