We currently have WCCP enabled and running on our ASA. This allows us to filter web traffic from our internal network users. However, we are running into an issue with filtering VPN users and DMZ users because the interface these users come from inside the same interface where the Websense content gateway resides. Therefore, we were told that we need to implement WCCP using a WCCP enabled router (also resides on the internal network).
I have come up with the way I believe that this should be configured but I'm looking for pitfalls/design flaws. According to what I've read I need:
1. Routes on my ASA to redirect all traffic from my VPN users and my DMZ users to the WCCP router.
2. On the router I need the following:
- WCCP enabled for HTTP, HTTPS, and FTP to redirect the traffic to my Websense appliance
- Default route that sends all traffic to the default gateway????
Am I missing any routes? Can I leave WCCP running on my ASA so I don't have to mess with my internal users?