Thanks for this Gilles. Can you clarify this for me please. I have an Internet connection, a firewall, then a Bluecoat port 80 in the DMZ, then a separate Bluecoat in each building doing advanced forwarding to the DMZ Bluecoat. I have several MSFC 6509 and various other routers in between. Can I use WCCP in this scenario? If so can you suggest the best way to implement it. I don't want you to do all the work :) but I would very much appreciate a kick start in the right direction. Best Regards.

for the bluecoat devices in each building, how do you intercept the traffic ?

Are you using them as proxy ?

With what you described, I would suggest to use wccp on the router in each building. Each router will intercept the web traffic and redirect it to its local BlueCoat.

The local BlueCoat can then contact the central Bluecoat device using the advanced forwarding option just like you're doing now.

You can upload a topology diagram and more information in ftp://ftp-sj.cisco.com/incoming. Then, post a message with the filename and I'll be able to retrieve it.

From there I can better assist you with the wccp implementation.

Regards,

Gilles.

Gilles. I have uploaded the file as Bluecoat_Network_mlambe.vsd.

Not sure if you need to know these bits, but the external Bluecoat will proxy Internet DNS resolution, while internal DNS servers will do the company servers. I am looking at using W2K AD to allow site specific PAC files to be sent to each user, so they use the local bluecoat machine for proxying. Anything else that I have missed?

Many thanks for spending time with me on this. It is very much appreciated.

Forgot to answer another of your questions. Yes I am using each site specific bluecoat box as the site proxy. Then advanced forwarding (ICP) is pointing the traffic towards the correct site (for internal web servers), or towards the DMZ internal bluecoat for Internet resolution. regards, mark