Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
1
Replies

WCCP - WSAS170 Transparent Proxy not redirecting

jeremyt03
Level 1
Level 1

‎10-21-2016 08:30 AM

Hi All,

I have configured the WSA with WCCP id 1.  I have one realm, one identity, and 4 access groups which match 4 security groups in AD.

Policy trace when going to a blocked category for a particular user seems to work as expected and says request is blocked.  However, the machine lets said users view the site normally instead of blocking.

Looking at tail 1 logs I'm getting nada.  WCCP statistics show no packet redirection.

I have configured the Core switch as follows

ip wccp source-interface Vlan105
ip wccp 1 redirect-list Cisco_Ironport group-list 99

interface Vlan4
 description $DATA_NETWORK$
 ip address 10.10.30.254 255.255.255.0 secondary
 ip address 10.10.10.254 255.255.255.0 secondary
 ip address 10.10.4.254 255.255.255.0
 no ip redirects

 ip wccp 1 redirect out

I also set up the CDA with passphrases that tests fine.

Any idea why redirection isn't happening?  My first thought is the secondary addresses but a CCIE advised that should be okay.  My next step is to remove the secondary addresses from vlan 4 to see if that is causing an issue.  Ideas anyone?????

Labels:
0 Helpful
1 Reply 1

Tao Yang
Cisco Employee
Cisco Employee

‎10-23-2016 06:52 PM

If you run "sh ip wccp 1 detail" in your switch, can you find if the wccp has been established between WSA and your switch.

Which platform did you enable the wccp? Here is a KB and hope it helps.

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/118006-configure-wccp-00.html

0 Helpful
Customers Also Viewed These Support Documents