Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2754
Views
0
Helpful
1
Replies

WCCP redirection on ASA 5520

Justin Westover
Level 1
Level 1

‎07-18-2011 01:00 PM - edited ‎03-11-2019 02:00 PM

I currently have WCCP redirection setup on my ASA 5520 to redirect to an ironport on ip address 10.11.1.10. The ASA inside ip is 10.11.1.1 and the ironport is setup for transparent redirection to that IP. This all works well and the Service Identifier i'm using for WCCP is 95.

I am now creating another WCCP group because on my ironport I have 4 interfaces so I wanted to use them for our admin network. So I created an ACL on the ASA for our admin traffic and I want to redirect that using Service Identifier 94 to the ip on the ironport of 10.11.1.22. But I can't get traffic to redirect, instead I see the following:

10ASA-LAN1(config)# sh wccp

Global WCCP information:

    Router information:

        Router Identifier:                   X.X.X.X

        Protocol Version:                    2.0

    Service Identifier: 94

        Number of Cache Engines:             0

        Number of routers:                   0

        Total Packets Redirected:            0

        Redirect access-list:                WCCP_redirect_to_ironport_Admin

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            0

        Group access-list:                   WCCP_Ironport_Admin

        Total Messages Denied to Group:      94

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

    Service Identifier: 95

        Number of Cache Engines:             1

        Number of routers:                   1

        Total Packets Redirected:            772571105

        Redirect access-list:                WCCP_redirect_to_ironport-Users

        Total Connections Denied Redirect:   0

        Total Packets Unassigned:            1487

        Group access-list:                   WCCP_IronportInterface_for_Users

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

You can see that ID group 94 is the one I'm having difficulty with. All messages are denied and I'm not sure why? I can still get out to the web, my traffic just isn't being redirected to the ironport?

Labels:
0 Helpful
1 Reply 1

mirober2
Cisco Employee
Cisco Employee

‎07-20-2011 01:15 PM

Hi Justin,

The messages are being denied because there are no cache engines available for service group 94: 

Number of Cache Engines:             0

I would suggest setting up a quick packet capture on the interface for all traffic to and from 10.11.1.22. This will give you a better idea of where the communication between the ASA and the WSA is failing.

-Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card