Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

WCCP V2 Question (Redirect https)

Hello all

I have been successful in implementing wccp in my multiple vlan environment.

Router is Cisco 2921

G0/0 - Internet

G0/1 - Squid Proxy

G0/2 - Clients in multiple vlans

Here is the config:

ip wccp web-cache redirect-list 120

interface GigabitEthernet0/2.1

encapsulation dot1Q 3

ip address 172.16.1.1 255.255.255.0

ip wccp web-cache redirect in

ip nat inside

interface GigabitEthernet0/2.2

encapsulation dot1Q 2

ip address 172.16.2.1 255.255.255.0

ip wccp web-cache redirect in

ip nat inside

interface GigabitEthernet0/2.3

encapsulation dot1Q 3

ip address 172.16.3.1 255.255.255.0

ip wccp web-cache redirect in

ip nat inside

access-list 120 remark REDIRECTION_CRITERIA

access-list 120 deny   ip host 192.168.1.2 any

access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www

access-list 120 deny   ip any any

I have some questions:

1) In the command "ip wccp web-cache redirect-list 120", "redirect-list 120" is not required since all vlans are clients.

using  ip wccp web-cache redirect in under all subinterfaces alone would work.

Am I correct ?

2) How can I redirect HTTPS traffic to my squid proxy.

1 REPLY
New Member

Re: WCCP V2 Question (Redirect https)

Hello,

1. "ip wccp web-cache redirect in"

It would work if you squid proxy have another default gateway to internet.

Otherwise the traffic from the SQUID is also forwarded. You have to use different interfaces for users and squid. On sabinterfeyse vlan SQUID you should not use a configuration wccp

2. Web-cache permit only http. You must configuring Dynamic WCCP.

some example:

in global:

ip wccp 120 redirect-list 120

access-list 120 remark REDIRECTION_CRITERIA

access-list 120 deny   ip host 192.168.1.2 any

access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq 443

access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq 443

access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www

access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq 443

access-list 120 deny   ip any any

on interface:

ip wccp 120 redirect in


See link below for more information

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-wccp.html#GUID-5E9AE273-1AFD-4598-9325-85F8C822D168

Best regards

289
Views
5
Helpful
1
Replies
CreatePlease to create content