ASA w WCCP redirecting to Squid on CentOS- TCP re-transmissions
Hello all... hoping somebody can help me here. Having a bear of a time getting WCCP redirection working for http clients using squid on CentOs as a proxy and a ASA as my firewall device. I've followed 10 or so articles to no avail. This one here seems concise enough and I followed it verbatim. Except for the iptables -t nat -A POSTROUTING -j MASQUERADE Line at the end...did not see that anywhere else and read it can cause issues with firewalls.
I have connectivity throughout the network. Squid is working and works fine if I point my browsers to it, clients can get out.... But just can't get the transparent redirect\intercept to work w WCCP.
I've attached a screen shot of a wire shark capture at the etho of the squid box. When requesting a website from a windows client (novell.com for example) I get a tcp packet from the ASA to the Proxy as it should, with the WCCP\GRE packet with the web request inside. After that it's a tcp out of order packet followed by a slew of TCP retransmits from the requesting client to the web site – with every other packet having the WCCP\GRE header.
I could certainly post my pertinent configs but I think they are solid as per the above article and all else I've researched.
Here's the basic topology:
ASA- inside- (also my WCCP ID)- 192.168.10.5
Squid proxy (3128)- 192.168.1.19 w a gre interface (wccp0) redirecting to port 3129
Windows client- 192.168.1.2
Cisco Adaptive Security Appliance Software Version 8.4(2) Squid V 3.4
Any help is appreciated- would love to get this to work ! Dennis
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...