Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Getting Started with WCCP


We are going to start implementing WCCP. We want to configure WCCP2 on our firewall and redirect traffic from our inside interface to the web cache engine. I've read several Documents on the subject but it's still a little vague.

If we want traffic coming from the inside that is headed to the Internet to be redirected to the Web cache engine, do I enter on the inside interface:

ip wccp web-cache redirect in?

Because I want to redirect traffic that is entering the inside interface.?

Also, must I create access-list? This part of WCCP doesn't seem clear. What are the ACLs for? Doesn't the web cache engines pick up the traffic automatically?

Thanks, Pat.

  • LAN Switching and Routing

Getting Started with WCCP


You would configure it in the inbound direction in your case. Anyone going out to the internet will be going INto the interface and wccp will redirect it. You can redirect all traffic or certain hosts/subnets, etc. With an ACL, it tells the FW what to forward to the caching engine or not forward. What it doesn't forward will just go through your FW as normal traffic. You could tell your caching engine to not cache hits from a host, but there's really no reason to send it there in the first place if you don't have to.



Please rate useful posts...

HTH, John *** Please rate all useful posts ***
Super Bronze

Getting Started with WCCP


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


Think of WCCP interface redirection statement sort of like an ACL.  You can do it either on the ingress interface(s) or the egress interface(s).  Often the latter is simpler as often just one interface goes to the firewall, but the former is often more efficient.  (Also more efficient is L2 redirect [i.e. WCCP server on a subnet which the WCCP router has an interface on] rather than L3/GRE redirect.)

As John describes you can (optionally) use an ACL to determine what traffic should be sent to the WCCP server.  Generally the WCCP servers will bounce back traffic they are not interested in, but as John describes, why send traffic to the WCCP server if you know it's not going to be processed on it.

New Member

Getting Started with WCCP

I want only 80 and 443 from all devices on the inside to go to the Web Cache Server. Could you please give me an example of the commands I would enter on the FW to accomplish this?

Thank you, Pat.

Getting Started with WCCP


Try this:

access-list WebFilter permit tcp any any eq 443

access-list WebFilter permit tcp any any eq 80

access-list Cache permit host <--- The address of your caching appliance

wccp web-cache redirect-list WebFilter group-list Cache

wccp interface inside web-cache redirect in

You *may* need to use an extended acl for the Cache like:

access-list Cache permit ip host any

Here's a more in-depth document for you to review if needed:

HTH, John *** Please rate all useful posts ***