WCCP Configuration on ASA for Bluecoat SG 8100

Unanswered Question
May 14th, 2010

Hi,

I am facing some issue with bluecoat for caching. When i do the WCCP configuration on normal switch it works fine. Users can access the internet but when i configure WCCP on ASA the i can't see any traffic redirected. Details are as follows:

Physical topology:

Bluecoat------->Cat 6509E-------->Cat 6506E------->Cat2960--------->ASA5540

Logical topology:

Bluecoat------>ASA5540

Bluecoat IP: 10.57.56.1

Bluecoat GW: 10.57.56.7(ASA IP)

ASA5540 Configs:

access-list 101 extended permit ip any any

access-group 101 in interface WIRELESS

interface GigabitEthernet0/1.57

vlan 57

nameif WIRELESS

security-level 50

ip address 10.57.56.1 255.255.252.0 standby 10.57.56.2

AT-INET-FW# sh run | in wccp

wccp web-cache

wccp interface WIRELESS web-cache redirect in

AT-INET-FW# show wccp

Global WCCP information:

    Router information:

        Router Identifier:                   -not yet determined-

        Protocol Version:                    2.0

    Service Identifier: web-cache

        Number of Cache Engines:             0

        Number of routers:                   0

        Total Packets Redirected:            0

        Redirect access-list:                -none-

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Please let me know what could be the possible issue? Am i missing any configuration step in this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ankurs2008 Fri, 05/14/2010 - 04:20

Hi

I have encountered a issue with Bluecoat + WCCP where Bluecoat vendor told that they have restriction and can use service-id 0 only , hence

in ASA try to specify service-id 0 instead of webcache .

haseeb Fri, 05/14/2010 - 07:29

I will try that but there are going to be around 70 different VLANs(sub interfaces on ASA firewalls) and they shouldn't communicate with each other. This means i have to create 70 WCCP statements for each vlan on ASA right?

Panos Kampanakis Fri, 05/14/2010 - 11:40

Yes, you need to have 70 wccp engines behind each vlan that can directly talk to each vlan hosts that will be browsing.

I hope it helps.

PK

haseeb Sat, 05/15/2010 - 01:18

Hi,

I did group 0 configuration but it's not responding. The configs are as follows:

AT-INET-FW# sh run wccp

wccp 0

wccp interface WIRELESS 0 redirect in

AT-INET-FW# show wccp 0

Global WCCP information:

    Router information:

        Router Identifier:                   -not yet determined-

        Protocol Version:                    2.0

    Service Identifier: 0

        Number of Cache Engines:             0

        Number of routers:                   0

        Total Packets Redirected:            0

        Redirect access-list:                -none-

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Does it matter to connect the bluecoat with ASA directly? Or the logical connectivity i had mentioned above is fair enough?

Actions

This Discussion