wccp re-positioning on a network.

st9n6ow77
Level 1

We need some help in a discussion we are having about WCCP and where it needs to be to work right. Also note that I have never done WCCP on the ASA yet, so I am not sure if this will work. Here is the concept.

I-----RTR------ASA------CVPN3030

--- DMZ

--- DMZ2

--- Inside

Above is our current layout. WCCP resides internally on the inside interface on a router just after the ASA inside interface. It works fine for users on the inside network but misses the VPN users terminated on the ASA/3030 outside interface. Thus the problem at hand. WCCP misses these users because they validate the tunnel and then just go right out to the internet.

So here are the solutions we have come up with so far. Nothing in stone.

I----RTR---SW---ASA--- CVPN3030

This is the classical way that I can think of that will work, placing the WCCP at the new switch with an outside interface. This places the WCCP server in harm's way to be hacked, but will catch the VPN users. There is one other option, but I am not sure it will work, and this is where I need help.

I---RTR---ASA---MRG

Could I do the URL redirect to this port on the firewall, catch the VPN users, and the users inside too? And then people can go out to the internet? This will semi-protect the WCCP server too, right? Thanks.


Kureli Sankar
Cisco Employee

You can configure WCCP on the ASA and this WILL cover the users who U-turn off the ASA and go out to the internet, in addition to all the users who are already on the inside.

WCCP---(inside)ASA(outside)---Internet--VPN_clients.

Here is the documentation link to configure WCCP on the ASA.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1094628
