access-list Proxy extended permit tcp 10.1.1.1 255.255.255.240 any eq www
access-list Proxy extended permit tcp 10.1.1.17 255.255.255.240 any eq www
access-list ProxyWS1000 extended permit tcp host 10.1.2.247 any eq www
Would this work ?? Im trying to send 10.1.1.0 thorugh the proxy before going outside. WOuld the ip traffic going through there own assigned NAT pool or using the proxy static ip. (IE as if I had configure the Proxy in IE).
Also a second question - I thought I was being secure by using ACL such as
access-list Test extended permit tcp 10.1.1.0 255.255.255.0 eq www any eq www
But I assume that ports going out from a client are not locked to that service ?? IE port 80 request go from port 80 to port 80 ???
There's a lot of wccp restrictions compared to what you can do on a router so double-check your architecture - and remove the group-list as it's not necessary if there's only one server.
Note that when using http it's only the destination port of 80 that is fixed - the client source port can be anything in the high port range (1024-65535) so the Test access list probably won't ever match anything.
Lastly, don't forget to check the logs - they are the most useful tool when troubleshooting!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...