ASA currently supports WCCP only on the same interface (it should be inside interface) and only in the same subnet as it's inside interface. So your setup is only one possible for ASA and everything should work fine.
Is the 'same subnet' part true? My understanding was that the server and client worksations had to be 'under' the same interface.
FROM CISCO - "The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance."
If they HAD to be within the same subnet, would that remove the need for a GRE tunnel?
Actually now i'm not 100% sure that they should be on the same subnet, but they 100% will work, when in the same subnet. As for the GRE it's the only one possible way for ASA to connect to the webcache engine. Surely when in the same subnet it's not required technically, but it's ok for GRE to work between hosts on the same subnet.
Cisco aren't very informative with the WCCP functionality on the ASAs. I just want to make sure my topology will work before writing up project proposals and promising the business all this functionality. Otherwise the WCCP config on both the ASAs and the Blue Coat proxy seems very straight forward...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...