Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

Switch to WSA WCCP transperent redirection

Hello all,

 

The transparent redirection term first implied to me that the client will be totally unaware of the presence of a WSA proxy, however i delpoyed the following setup and found that the client is receiving HTTP proxy-redirect message (code 307) with source IP of the final destination server but i tells the client to request HTTP from the WSA. Redirection mode is L2 forwarding.

 

Here is the Setup:

 

               Server

                     |

client----L3 Switch----WSA
 

 

My understanding of transperent redirection in this setup is:

 

- client sends HTTP GET request to the server

- the switch intercepts the GET and redirect it to the WSA

- the WSA sends the request to the server with source IP of the WSA

- the server replies to the WSA

- the WSA replies to the client (not sure if the source will be spoofed as server IP or WSA)

 

However, my findings were different... again http-redirect arrives at the client with WSA URL

 

Please advise,

thanks in advance.

------------------ Mashal Shboul
1 REPLY
Cisco Employee

The HTTP 307 redirect is

The HTTP 307 redirect is likely coming because you are using authentication.  The way the WSA performs NTLM authentication is to redirect the browser to access the WSA directly, so that NTLM authentication can happen.  Once authenticated, another 307 will redirect it back to the original website.

If you are looking for a 100% transparent deployment, you may want to consider deploying the Cisco Context Directory Agent so that the WSA can ask the agent which user is logged onto that IP (instead of doing the NTLM authentication).

The term Transparent really just means the browser does not have a proxy setting.

 

216
Views
0
Helpful
1
Replies