06-10-2003 11:28 PM
Hi ,
We have purchased a cache engine 510 and are going to be deploying it in a transparent caching scenario. Where is the optimal place to put the cache engine, on the inside network behind firewall or on outside. If placed on the outside of the firewall what conduits/access lists need to be put in place for the solution to work.
I have been trying to find a good document on how the WCCP protocol works with regards to how the source/destination addresses change when a router redirects traffic to a cache engine to better understand what rules need to be changed on the firewall. Any pointers to a good reference URL will be greatly appreciated.
06-11-2003 07:30 AM
WCCP will not work accross a firewall.
Redirecting packets would not be a problem.
But WCCP discovery will fail.
So, the Cache needs to be on the same subnet as the router.
Anyway the best place to put the Cache is the closest to the clients.
Gilles.
06-11-2003 09:42 PM
Hi Gilles,
In our scenario we have a firewall between the router connecting out to the internet and the clients on the inside. In this case where will be the optimum place to position the cache engine ( inside or outside ).
Many thanks
06-11-2003 11:37 PM
One other question:
How can I view the cached objects on a cache engine 510 ?
Secondly:
If I display this log file on the cache engine what does the DIRECT mean in this line:
#type local1/logs/celog_196.33.48.199_20030612_060000.txt
1055397627.699 2659 196.26.83.132 TCP_MISS/302 786 GET http://www.msn.co.za/ - D
IRECT/www.msn.co.za -
Many thanks
06-11-2003 11:55 PM
to understand the log message, please look into :
http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_tech_note09186a00800a5fe1.shtml
If you have only one router, you don't have the choice of the location.
Put your Cache in the same subnet as the router and the firewall.
Finally, you can't view object that were cached.
Gilles.
06-12-2003 12:03 AM
I would just like to clarify what you are saying:
Should the cache engine be on the outside of the firewall. If so does this not make the cache engine vulnerable.
Thank you
06-13-2003 01:04 AM
the best would be on the inside.
However, I understand you have only 1 router and it is located on the outside.
So, you don't have the choice unles you buy another router or use the cache engine as a proxy.
If you use the cach as a proxy you don't need WCCP anymore and so, you can place the Cache wherever you want.
But this is not transparent caching anymore.
Gilles
06-13-2003 01:40 AM
Thanks for the info
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide