Can someone pls confirm on the WCCP commands below on cisco routers for transparent proxy on WSA? Note that the router is connected to a switch and WSA P1 connected to that switch. How can i then test the the WCCP config on cisco and WSA is correct and working?
interface [Interface carrying outgoing/incoming traffic] ip web-cache redirect CTRL Z write mem
Where are you attempting to apply the wccp? On the switch or on the router? What model switch and router are we talking about?
On a 6500 switch you will have something like this:
ip wccp web-cache group-address redirect-list accelerated
You then have an access list that controls what gets sent over to the WSA via wccp. For us we have multiple VLANs so our server vlan, for example, we do a deny on that vlan so it doesn't get redirected. At the end of the ACL, you obviously have your permit any any in there.
There's no limitations that i'm really aware of. From my understanding WCCP is the preferred method for connecting these devices now.
We did have an issue during our setup/installation where the IronPort device just wouldn't work with wccp. We kept getting failures and lockups. This actually turned out to be a bug in the IOS code on our Cisco switch we were running. Once we upgraded the code, the WCCP side of things worked fine. I would say this would definitely be the connection method you would want, especially if you are going into a test environment. Being able to put an access list on what traffic gets passed to the WSA and what doesn't will allow you to test the box (in production) before going into a FULL LIVE situation. Just add a 'permit ip host ' followed by a 'deny ip any any' to yoru WCCP ACL that points to the WSA. You can non-intrusively test 1 machine, get your rules and such setup and then modify the ACL once testing is complete to slowly (or fast) move into FULL Production.
192.168.1.200 and 192.168.1.201 would be clients you want to use WCCP. 192.168.1.10 and 192.168.1.10 would be the WSAs you want to use WCCP, assuming you had more then 1 and you wanted to limit which WSA is redirected to for testing.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...