Problem with S170 not seeing traffic from users behind a different ASA interface
I posted the following under the Security home page but haven't had any hits in 15 days. Maybe this is a better fit. Anyone have any ideas here?
I followed https://supportforums.cisco.com/document/48341/asa-wccp-step-step-configuration more or less, with the exception of using a service ID of 90 and not the default web-cache service.
The ASA has multiple interfaces in use. The S170 is seeing traffic for all users on the same interface it's on, but it doesn't see traffic on a different interface. The S170 is on the PROD_INTERNAL interface. For the URL I noted above, the following comment is made:
"WCCP redirect is supported only on the ingress of an interface. The only topology that the ASA supports is when client and cache engine are behind the same interface of the ASA and the cache engine can directly communicate with the client without going through the ASA."
I take it I'm trying to configure this in a way that won't work? Is there a way I can make this work? Here is a portion of the ASA configuration. Thank you.
wccp 90 redirect-list WCCP-REDIRECT-IN group-list WCCP-SERVERS
wccp interface FW_INSIDE 90 redirect in
wccp interface PROD_INTERNAL 90 redirect in
MO-FW1(config)# sh runn | in WCCP
access-list WCCP-REDIRECT-IN extended permit tcp 10.10.100.0 255.255.255.0 any eq www
access-list WCCP-REDIRECT-IN extended permit tcp 10.12.0.0 255.255.0.0 any eq www
access-list WCCP-SERVERS extended permit ip host 10.10.100.10 any
wccp 90 redirect-list WCCP-REDIRECT-IN group-list WCCP-SERVERS