Redirect http and https traffic from ASA 5520 via squid

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Re:Redirect http and https traffic from ASA 5520 via squid

Post by Guest » Fri Nov 26, 2010 11:23 am

I see two redirect interfaces:

wccp web-cache group-list wccp-servers redirect-list wccp-traffic
wccp interface Management web-cache redirect in
wccp interface inside web-cache redirect in

Where are your hosts browsing? Behind what interface?

Your hosts need to be behind the same interface as the wccp engine; that is a requirement.

I hope it helps.

PK



Post by Guest » Fri Nov 26, 2010 11:31 am

All hosts are in 192.168.40.0/24 network and my proxy server is also in 40 n/w.

- Ribin



Post by Guest » Fri Nov 26, 2010 12:04 pm

My scenario is like below:

Users (in 192.168.40.0/24 n/w) ------- Layer 3 switch (default g/w of all traffic is 192.168.30.1) ------------ (192.168.30.8) ASA -------- Internet

Management interface IP of ASA is 192.168.40.8 and inside interface IP is 192.168.30.8. Squid server is connected in Layer 3 switch with IP 192.168.40.201. All users are in 192.168.40.0/24 n/w.

- Ribin



Post by Guest » Fri Nov 26, 2010 1:12 pm

Your hosts need to be behind the same interface as your squid. The squid needs to be able to send the pages to the hosts directly, not through the ASA.

To begin with I would try just the

wccp web-cache redirect-list wccp-traffic
wccp interface Management web-cache redirect in

Make sure the management interface has the command "no management-only".

Then see if the ASA redirects and if it sees the squid ("sh wccp" commands).

I hope it helps.

PK



Post by Guest » Fri Nov 26, 2010 1:46 pm

Hi,

My show wccp command output is below:

ASA(config)# sh wccp

Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

It seems nothing is happening. I did "no management-only" command in my management interface.

- Ribin
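
A small triage helper for output like the "sh wccp" listing in the post above, as an added example that is not part of the original thread: it parses the fields and reports that no cache engine has registered with the ASA. The sample is an abridged copy of the posted output; the function names and the hint texts are this example's own assumptions.

```python
import re

# Constructed sample: abridged copy of the "sh wccp" output posted in the thread.
SAMPLE = """\
    Router information:
        Router Identifier:                   -not yet determined-
    Service Identifier: web-cache
        Number of Cache Engines:             0
        Total Packets Redirected:            0
        Group access-list:                   wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
"""
# Assumed hint texts: this example's reading of two of the counters.
HINTS = {
    "Total Messages Denied to Group": "cache IP not permitted by group access-list",
    "Total Authentication failures": "WCCP password mismatch",
}

def parse_wccp(text):
    """Split 'sh wccp' text into router fields and per-service fields."""
    router, services = {}, {}
    current = router
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if not m:
            continue  # prompt, blank line or section header without a value
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Service Identifier":
            current = services.setdefault(value, {})  # later fields belong to it
        else:
            current[key] = int(value) if value.isdigit() else value
    return router, services

def diagnose(text):
    """Return a list of findings about the WCCP registration state."""
    router, services = parse_wccp(text)
    findings = []
    if "not yet determined" in str(router.get("Router Identifier", "")):
        findings.append("router identifier not yet determined")
    for name, svc in services.items():
        if svc.get("Number of Cache Engines", 0) == 0:
            findings.append(f"{name}: no cache engine registered")
        elif svc.get("Total Packets Redirected", 0) == 0:
            findings.append(f"{name}: cache registered but nothing redirected")
        for counter, hint in HINTS.items():
            if svc.get(counter, 0) > 0:
                findings.append(f"{name}: {counter}={svc[counter]} ({hint})")
    return findings
```

Run `diagnose()` on the text captured from the ASA after each configuration change to see whether the squid has joined the service group.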


Post Reply