Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

wccp question, please help

I'm writing for a design problem regarding ACNS deployment, I

wish You could help me.

We are an italian organization implementing ACNS Network for our e-learning platform.

We'd like to configure transparent caching using wccp v.2, the typical

deployment for our branch sites is represented in the attached image.

At our typical branch site we have an access router connected to

Intranet, the outside interface of a pix and the CE all on the same

subnet while web clients are on the inside interface of the pix (on

another subnet of course). Client behind the pix access the Intranet

via NAT Overloading.

The access router (Cisco c2621-XM IOS 12.1(3)T) is configured to

intercept http traffic (web-cache service), all the http get are

coming from the ip address of the pix outside interface. All these

HTTP sessions are initiated behind the firewall of course.

This http request are then redirected by the wccp enabled router to

the CE (using GRE), the CE (ACNS 5.2) then serves this request getting

the content from the origin server (cache-miss example) and serving it

to the client using the source IP address of the origin server and

source port 80.

My question is: will this work with the pix firewall (515E 6.3(3))?

In other words the pix will see the returning HTTP traffic from the CE

to the client on its outside interface as if it would came frome the origin server?

Will this traffic have the ip

address and port of the origin server and all the

protocol info (sequence number etc. etc) to match the xlate entry in

the NAT table of the pix for the egress HTTP GET generated by the

client? Will this traffic from the CE get back to the client trough

the pix?

IMHO this could work only if the CE hijacks the TCP session started by

the client requesting the content to the origin server (the CE has all

the info it needs to do that).

Is this what actually happens? Do i miss some points?

I do hope that the CE won't try to start a new TCP connection from

outside the firewall to serve the client !!!

If this scenario won't work have You any suggestion? The type of

traffic that the CE returns to the client it doesn't seem to be very

well described on the Cisco Systems documentation concerning ACNS.

Thank You very much

1 REPLY
Cisco Employee

Re: wccp question, please help

Ruben,

This will work properly. Using WCCP, the TCP connection setup will be redirected to the Content Engine (CE). The CE will handle communication with the origin server separately. The client (and the PIX for that matter), don't really have any idea they are talking to the CE instead of the origin server.

~Zach

199
Views
0
Helpful
1
Replies
CreatePlease to create content