WCCP and WSA

on

 

ASA: WCCP step by step configuration

https://community.cisco.com/t5/security-knowledge-base/asa-wccp-step-by-step-configuration/ta-p/3126636


WCCP on ASA: Concepts, Limitations, and Configuration

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116046-config-wccp-asa-00.html



WSA sends WCCP2_HERE_I_AM

ASA responses: WCCP2_I_SEE_YOU 

A service group is identified by Service Type and Service ID. There are two types of service groups:

  • Well-known services
  • Dynamic services

Dynamic service group is defined on WSA and specify ports in WCCP2_HERE_I_AM message, ASA needs configure corresponding service group.

1. Configure an access-list containing all members of WCCP servers.

In this lab, it is WSA 

ASA(config)#access-list wccp-servers permit ip host 10.1.1.50 any

 

2. Create an access-list of the traffic that needs to be re-directed to WCCP

The access list should only contain network addresses. Port-specific entries are not supported.

access-list wccp-traffic extended permit tcp 10.1.1.0 255.255.255.0 any eq www

access-list wccp-traffic extended permit tcp 10.1.1.0 255.255.255.0 any eq https


 

3. Enable WCCP

 wccp 90 is defined on WSA

ASA(config)#wccp 90 group-list wccp-servers redirect-list wccp-traffic

 

4. Enable WCCP redirection on the inside interface

 

ASA(config)#wccp interface inside 90 redirect in

 

5. Enabling WCCP to redirect native FTP traffic to a cache engine, using service 60

Verify with the WCCP provider regarding service IDs that they support. You can identify a service number between 0 and 254.

 

ASA(config)#wccp interface inside service 60 redirect in

 


Show commands and debugs:

show wccp web-cache

show wccp interface

debug wccp event

debug wccp packets



Comments

Post a Comment