cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
498
Views
0
Helpful
4
Replies

ASA WCCP Question

Brett Verney
Level 1
Level 1

Hi all,

Hopefully a quick question...

When it comes to web-cache redirection, the ASA's only supported method is via GRE encapsulation.

If my proxy server is in the same subnet as the ASA's 'INSIDE' interface, will the ASA's still be able to setup a GRE tunnel between itself and the server?

For several reasons the web-cache server (Blue Coat ProxySG 900-20) has to stay within this subnet...

Regards,

Brett

4 Replies 4

Andrew Phirsov
Level 7
Level 7

ASA currently supports WCCP only on the same interface (it should be inside interface) and only in the same subnet as it's inside interface. So your setup is only one possible for ASA and everything should work fine.

Hmm...

Is the 'same subnet' part true? My understanding was that the server and client worksations had to be 'under' the same interface.

FROM CISCO - "The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance."

If they HAD to be within the same subnet, would that remove the need for a GRE tunnel?

Brett

Actually now i'm not 100% sure that they should be on the same subnet, but they 100% will work, when in the same subnet. As for the GRE it's the only one possible way for ASA to connect to the webcache engine. Surely when in the same subnet it's not required technically, but it's ok for GRE to work between hosts on the same subnet.

Brett Verney
Level 1
Level 1

Thanks Andrew,

Cisco aren't very informative with the WCCP functionality on the ASAs. I just want to make sure my topology will work before writing up project proposals and promising the business all this functionality. Otherwise the WCCP config on both the ASAs and the Blue Coat proxy seems very straight forward...

Brett

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: