Hello all, after going through the deployment section of the user guide to try and have a better understanding of how to deploy the appliance, I find myself needing some answers, if I were to deploy the device as a transparent proxy. I hope someone can oblige.
1. The appliance can be deployed using WCCPv2 or a L4 switch, I understand that with WCCP traffic will be redirected to the appliance. Should this be all traffic or should it be http and/or https traffic only? The other method is to simply connect it to a L4 switch and the guide provides no explanation of how this works. How is this accomplished? Is it feasible to configure WCCP on the L4 switch and redirect traffic to the appliance as well?
2. L4 traffic monitoring can be accomplished by using a span port, network tap or a hub. If I am to also enforce blocking and not just monitoring it says that the Web proxy and the L4 monitor must be on the same network. I don't understand, why is this so? Does the L4 traffic monitor port need an IP address?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...