Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

WCCP on 4510R-E

Hello,

simple question. I want to use WCCP for web caching/filtring on my Cisco 4510R-E. Problem is, this switch is only layer 2...all routing is done via Checkpoint firewalls connected to this switch.

My question is : does my switch needs to be the gateway/router to use WCCP  or it can work only on layer 2 ?

I've read a lot of doc but I never found this anwser.

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions

Re: WCCP on 4510R-E

Yes, this is a layer 3 feature. WCCP uses IP redirection to achieve transparent redirecting to a proxy server.

One way you could accomplish this, if you really want to keep the majority of routing in your checkpoint firewalls is to create an external transport network on the outside of the firewalls and add one hop through a layer 3 interface on the 4510 before handoff to your ISP.  You would have to either have your proxy server outside the firewall (probably not the best idea) or allow special access back in for proxy hits. Of course this complicates your configuration because you need to follow certain conventions to share a device between security contexts like that securely.

My personal preference would be to let the ckeckpoint devices focus on firewalling and bring routing back into the 4510, but this may not be a good fit for your scenario.

2 REPLIES

Re: WCCP on 4510R-E

Yes, this is a layer 3 feature. WCCP uses IP redirection to achieve transparent redirecting to a proxy server.

One way you could accomplish this, if you really want to keep the majority of routing in your checkpoint firewalls is to create an external transport network on the outside of the firewalls and add one hop through a layer 3 interface on the 4510 before handoff to your ISP.  You would have to either have your proxy server outside the firewall (probably not the best idea) or allow special access back in for proxy hits. Of course this complicates your configuration because you need to follow certain conventions to share a device between security contexts like that securely.

My personal preference would be to let the ckeckpoint devices focus on firewalling and bring routing back into the 4510, but this may not be a good fit for your scenario.

Community Member

Re: WCCP on 4510R-E

thank you for anwser !!!

I'll look into this

932
Views
0
Helpful
2
Replies
CreatePlease to create content