Cisco Support Community

redirect-list does not work

I have a 6500 core switch and an FWSM deployed. We use the inside interface (VLAN 19) on the Internet firewall as the WCCP outbound interface. We have several DMZ zones on this firewall, and we also have other DMZ servers on other firewalls. HTTP or HTTPS requests are redirected to Bluecoat when any internal or DMZ host accesses the Internet, but HTTP or HTTPS requests should not be redirected when internal hosts or DMZ servers of the non-Internet firewalls access DMZ servers of the Internet firewall. So I use a redirect-list to meet this requirement. The WCCP configuration on our core switch is:

ip wccp web-cache redirect-list 120
ip wccp 10 redirect-list 120

interface Vlan19
 description *** Internet-Inside ***
 ip address 172.29.19.1 255.255.255.0
 ip wccp web-cache redirect out
 ip wccp 10 redirect out

access-list 120 deny ip 172.16.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.17.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.29.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.111.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.80.0 0.0.15.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.96.0 0.0.7.255 10.129.64.0 0.0.15.255
access-list 120 permit ip any any

The source IP addresses cover all internal subnets and the DMZ subnets of the non-Internet firewalls. The destination IP address is the DMZ subnet on the Internet firewall.

But when we tried to access a DMZ server (10.129.72.26) from an internal host (172.29.101.11), I found the traffic was already being redirected to BC. It should match the ACL entry "access-list 120 deny ip 172.29.0.0 0.0.255.255 10.129.64.0 0.0.15.255", but it did not. I saw it match the "permit any any" entry. Could you give me some clue? I would appreciate it!

226 Views, 0 Helpful, 0 Replies
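As an added check that is not part of the original post and not Cisco's own tooling: the Python below evaluates ACL 120 exactly as posted, using IOS wildcard-mask semantics, against the flow in question (172.29.101.11 to 10.129.72.26). It assumes the standard IOS meaning of a WCCP redirect-list, where a permit entry means the flow is redirected to the cache, a deny entry means it is forwarded normally, and the implicit deny at the end means no redirection. The extra source addresses (203.0.113.10, 10.129.104.1, 10.129.96.5) are constructed for illustration and do not come from the post.

```python
"""Evaluate a Cisco IOS extended ACL with wildcard masks for one flow.

Added example for the redirect-list question above; it is not code from
the original post or from Cisco. ACL_120 is copied from the post.
Assumed WCCP redirect-list semantics (standard IOS): a 'permit' entry
means the flow is redirected to the cache, a 'deny' entry means it is
forwarded normally, and the implicit deny at the end means no redirect.
"""
import ipaddress

# The redirect-list exactly as posted (constructed inline from the post).
ACL_120 = """
access-list 120 deny ip 172.16.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.17.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 172.29.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.111.0.0 0.0.255.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.80.0 0.0.15.255 10.129.64.0 0.0.15.255
access-list 120 deny ip 10.129.96.0 0.0.7.255 10.129.64.0 0.0.15.255
access-list 120 permit ip any any
"""

ALL_ONES = 0xFFFFFFFF


def _addr(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr_spec(tokens, i):
    """Consume one address specifier starting at tokens[i].

    Returns ((base, wildcard), next_index). 'any' is 0.0.0.0 with an
    all-ones wildcard; 'host X' is X with a zero wildcard.
    """
    if tokens[i] == "any":
        return (0, ALL_ONES), i + 1
    if tokens[i] == "host":
        return (_addr(tokens[i + 1]), 0), i + 2
    return (_addr(tokens[i]), _addr(tokens[i + 1])), i + 2


def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping order."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto = t[2], t[3]
        src, i = _parse_addr_spec(t, 4)
        dst, _ = _parse_addr_spec(t, i)
        aces.append({"action": action, "proto": proto,
                     "src": src, "dst": dst, "text": line})
    return aces


def _matches(addr, spec):
    """Wildcard match: bits set in the wildcard are 'don't care' bits."""
    base, wild = spec
    care = ~wild & ALL_ONES
    return (addr & care) == (base & care)


def spec_range(spec):
    """Lowest and highest address a (base, wildcard) pair covers."""
    base, wild = spec
    lo = base & (~wild & ALL_ONES)
    hi = lo | wild
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))


def lookup(aces, src, dst):
    """First-match lookup: (1-based entry number, action), or None when
    nothing matches and the implicit deny applies."""
    s, d = _addr(src), _addr(dst)
    for n, ace in enumerate(aces, 1):
        if ace["proto"] == "ip" and _matches(s, ace["src"]) and _matches(d, ace["dst"]):
            return n, ace["action"]
    return None


def wccp_redirects(aces, src, dst):
    """True when the redirect-list would send this flow to the cache."""
    hit = lookup(aces, src, dst)
    return hit is not None and hit[1] == "permit"


if __name__ == "__main__":
    acl = parse_acl(ACL_120)
    flows = [("172.29.101.11", "10.129.72.26"),   # the flow from the post
             ("172.29.101.11", "203.0.113.10"),   # internal host to the Internet
             ("10.129.104.1", "10.129.72.26"),    # source not covered by any deny
             ("10.129.96.5", "10.129.72.26")]     # covered by the 10.129.96.0/21 deny
    for src, dst in flows:
        print(src, "->", dst, lookup(acl, src, dst),
              "redirect:", wccp_redirects(acl, src, dst))
    print("entry 3 destination range:", spec_range(acl[2]["dst"]))
```

By the wildcard arithmetic the posted flow hits entry 3 (deny), so the redirect seen on the switch is not explained by the ACL logic itself; comparing the hit counters from `show ip access-lists 120` with the numbers this script produces, and checking `show ip wccp` for which redirect-list is actually in effect, are the first places to look.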