01-15-2008 06:43 PM
Hello,
Can someone please confirm the WCCP commands below on Cisco routers for transparent proxy on WSA?
Note that the router is connected to a switch and WSA P1 connected to that switch.
How can I then test that the WCCP config on Cisco and WSA is correct and working?
interface [Interface carrying outgoing/incoming traffic]
ip web-cache redirect
CTRL Z
write mem
Thanks,
Vinesh
01-16-2008 04:02 AM
Where are you attempting to apply the wccp? On the switch or on the router? What model switch and router are we talking about?
On a 6500 switch you will have something like this:
ip wccp web-cache group-address
You then have an access list
Hope this helps.
01-16-2008 06:33 AM
Hi,
It's a Cisco 7206 router.
It's for an ISP network and given that we don't have any test environment, we will need to test the WCCP config on production traffic itself.
Are you aware whether there are any limitations when enabling WCCP with regard to the WSA?
Thanks,
Vinesh
01-16-2008 01:08 PM
There are no limitations that I'm really aware of. From my understanding WCCP is the preferred method for connecting these devices now.
We did have an issue during our setup/installation where the IronPort device just wouldn't work with wccp. We kept getting failures and lockups. This actually turned out to be a bug in the IOS code on our Cisco switch we were running. Once we upgraded the code, the WCCP side of things worked fine. I would say this would definitely be the connection method you would want, especially if you are going into a test environment. Being able to put an access list on what traffic gets passed to the WSA and what doesn't will allow you to test the box (in production) before going into a FULL LIVE situation. Just add a 'permit ip host
Hope this helps.
01-16-2008 01:36 PM
Noted. Thanks very much for the points.
01-16-2008 03:27 PM
Here is a sample ACL in regard to WCCP:
ip wccp
access-list 110 permit tcp host 192.168.1.200 any eq www
access-list 110 permit tcp host 192.168.1.201 any eq www
access-list 110 deny ip any any
access-list 10 permit 192.168.1.10
access-list 10 permit 192.168.1.11
192.168.1.200 and 192.168.1.201 would be clients you want to use WCCP.
192.168.1.10 and 192.168.1.10 would be the WSAs you want to use WCCP, assuming you had more than 1 and you wanted to limit which WSA is redirected to for testing.
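An added example, not part of any post in this thread: a dry run of ACL 110 from the last post against a few flows, to confirm before touching production which traffic would be handed to the WSA. It assumes ACL 110 is attached as the WCCP redirect list (the `ip wccp` line in the post is cut off); the function names and the destination 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# ACL 110 exactly as posted in the thread (assumed to be the WCCP redirect list).
ACL_110 = """\
access-list 110 permit tcp host 192.168.1.200 any eq www
access-list 110 permit tcp host 192.168.1.201 any eq www
access-list 110 deny ip any any
"""
PORTS = {"www": 80}  # IOS port keyword -> number

def _addr(tok):
    """Consume one address spec ('any' or 'host A.B.C.D') from the token list."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in the thread."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = None
        if rest:  # optional trailing "eq <port>"
            if rest[0] != "eq":
                raise ValueError("unsupported operator: " + rest[0])
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def redirected(rules, src, dst, dport, proto="tcp"):
    """First matching entry wins; no match is the implicit deny. In a WCCP
    redirect list, deny means 'forward normally, do not redirect', not 'drop'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst \
                and r_port in (None, dport):
            return action == "permit"
    return False

if __name__ == "__main__":
    rules = parse_acl(ACL_110)
    for src, port in [("192.168.1.200", 80), ("192.168.1.200", 443),
                      ("192.168.1.50", 80)]:  # constructed test flows
        print(src, port, "-> WSA" if redirected(rules, src, "203.0.113.10", port)
              else "-> bypass")
```

Only port 80 from the two listed test clients is redirected; HTTPS from those clients and all traffic from every other host bypass the WSA and are routed as before.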