I have a 6500 core switch and FWSM deployed. We use the inside interface (VLAN 19) on the Internet firewall as the WCCP outbound interface. We have several DMZ zones on this firewall. We also have other DMZ servers on other firewalls. HTTP or HTTPS requests would be redirected to Bluecoat when any internal or DMZ hosts access the Internet. But HTTP or HTTPS requests would not be redirected when internal hosts or non-Internet-firewall DMZ servers access DMZ servers of the Internet firewall. So I use a redirect-list to meet this requirement. The WCCP configuration is on our core switch:
ip wccp web-cache redirect-list 120
ip wccp 10 redirect-list 120
description *** Internet-Inside ***
ip address 172.29.19.1 255.255.255.0
ip wccp web-cache redirect out
ip wccp 10 redirect out
access-list 120 deny ip 172.16.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.17.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.29.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.111.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.80.0 0.0.15.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.96.0 0.0.7.255 10.129.64.0 0.0.15.255
access-list 120 permit ip any any
The source IP addresses include all internal subnets and non-Internet-firewall DMZ subnets. The destination IP address is the DMZ subnet on the Internet firewall.
But when we tried to access a DMZ server (10.129.72.26) from an internal host (172.29.101.11), I found the traffic was already being redirected to BC. It should match the ACL entry "access-list 120 deny ip 172.29.0.0 0.0.255.255 10.129.64.0 0.0.15.255", but it did not. I saw it match the ACL entry "permit any any". Could you give me some clue? I would appreciate it!
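An offline check of the first-match logic of ACL 120 for the flow described in the post, added here as an example and not part of the original post. The parser is simplified and assumes `ip` entries with `any`, `host` or address/wildcard pairs and no port qualifiers; the function names and the 198.51.100.10 test address are constructed for the example.

```python
import ipaddress

# ACL 120 as posted above. The parser is simplified (assumption): 'ip' entries only.
ACL_120 = """
access-list 120 deny ip 172.16.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.17.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.29.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.111.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.80.0 0.0.15.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.96.0 0.0.7.255 10.129.64.0 0.0.15.255
access-list 120 permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    # Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest).
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (to_int(tokens[1]), 0), tokens[2:]
    return (to_int(tokens[0]), to_int(tokens[1])), tokens[2:]

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[3] == "ip":
            src, rest = take_addr(tok[4:])
            dst, _ = take_addr(rest)
            entries.append((tok[2], src, dst, line.strip()))
    return entries

def wild_match(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bit 1 = "don't care", 0 = must match
    return (addr & care) == (spec[0] & care)

def first_match(entries, src_ip, dst_ip):
    # Return (entry number, action, ACL line) for the first matching entry.
    s, d = to_int(src_ip), to_int(dst_ip)
    for n, (action, src, dst, line) in enumerate(entries, 1):
        if wild_match(s, src) and wild_match(d, dst):
            return n, action, line
    return None, "deny", "implicit deny"  # nothing matched

if __name__ == "__main__":
    for dst in ("10.129.72.26", "198.51.100.10"):  # posted DMZ server, constructed Internet address
        print(first_match(parse_acl(ACL_120), "172.29.101.11", dst))
```

For the posted flow it returns entry 3, the 172.29.0.0 deny, so the ACL text matches as the poster expected.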