I have two independent ASA5510 firewalls in the network, connected together via LAN, and they have independent WAN links.
ASA-2 has a content filtering solution, and the Squid server is in the subnet connected to both firewalls, but its gateway is ASA-2.
ASA-1 has the clients in a separate VLAN that need to be proxied. So I would like ASA-1 to proxy/HTTP-redirect to the Squid server, and then the Squid server to go out to the internet through ASA-1 using content filtering. Is it possible? I have seen that the WCCP requirement is that the proxy and client are on the same subnet.
Any help in this matter will be highly appreciated.
Does WCCP work across different firewall interfaces/subnets where Squid resides in only one subnet?
My WCCP configuration works when the client and Squid are on the same VLAN. If they are on different ones, I get the following message on the firewall.
Feb 14 12:46:16 10.16.7.1 Feb 15 2010 12:46:16 Firewall-10: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src inside-2:184.108.40.206/80 dst inside-squid:10.16.8.65/4158 denied due to NAT reverse path failure
Is there any way we could use WCCP on different subnets on the firewall?
Does any other solution exist to proxy the internet traffic to the Squid server on different subnets?
The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance.
So you can have Squid go through the ASA to pull pages fine, but the users who are to be redirected to Squid need to be behind the same interface on the ASA as the Squid server and be able to communicate with it.
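A small triage script for the symptom in the question, added here as an example and not part of the original thread: it parses `%ASA-5-305013` lines and counts denied flows between the cache engine's interface and any other interface, which is the unsupported topology described in the answer. The function names, the `cache_interface` parameter and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Matches the TCP/UDP form of %ASA-5-305013 as quoted in the thread.
PATTERN = re.compile(
    r"%ASA-5-305013: .*?Connection for (?P<proto>\w+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"denied due to NAT reverse path failure"
)

def parse_305013(line):
    """Return the flow fields of a 305013 denial, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec

def cross_interface_denials(lines, cache_interface):
    """Count denials per (src_if, dst_if) pair where one side is the cache
    engine's interface and the other side is a different interface."""
    counts = Counter()
    for line in lines:
        rec = parse_305013(line)
        if rec is None:
            continue
        pair = (rec["src_if"], rec["dst_if"])
        if cache_interface in pair and rec["src_if"] != rec["dst_if"]:
            counts[pair] += 1
    return counts

SAMPLE_LOG = [
    # First line is the message quoted in the question; the rest are constructed.
    "Feb 14 12:46:16 10.16.7.1 Feb 15 2010 12:46:16 Firewall-10: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src inside-2:184.108.40.206/80 dst inside-squid:10.16.8.65/4158 denied due to NAT reverse path failure",
    "Feb 14 12:46:18 10.16.7.1 Feb 15 2010 12:46:18 Firewall-10: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src inside-2:192.0.2.10/80 dst inside-squid:10.16.8.65/4160 denied due to NAT reverse path failure",
    "Feb 14 12:46:19 10.16.7.1 Feb 15 2010 12:46:19 Firewall-10: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:198.51.100.7/443 dst dmz:192.0.2.50/5001 denied due to NAT reverse path failure",
    "Feb 14 12:46:20 10.16.7.1 Feb 15 2010 12:46:20 Firewall-10: %ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.7/80 (198.51.100.7/80) to inside-squid:10.16.8.65/4200 (10.16.8.65/4200)",
]

if __name__ == "__main__":
    for pair, n in cross_interface_denials(SAMPLE_LOG, "inside-squid").items():
        print(f"{pair[0]} -> {pair[1]}: {n} denied flow(s)")
```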