Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

wsa deploying

Hi
I have to install two WSA S170 apliances (for redundancy purposes) in our network which looks like on attached scheme. I have to assure that web traffic from hosts connected to us via VPN (10.0.1.0/24), hosts in local office (200.0.0.0/24) and servers (220.0.0.0/24) will go through a
WSA. I went through few deployment guides but in every scenario a host's network was terminated directly on an ASA and a wsa was connected directly to this network.
I would like to use transparen redirection (WCCP).
Can you please advice where/how should I connect these WSAs into my network to redirect http/https traffic using wccp to WSA ?
 
 
 
 
 
 
 
 
 
 

 

  • Web Security
Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi,Remember that the ASA has

Hi,

Remember that the ASA has the limitation that the clients and the WSA must be behind the same interface.

That VPN connection is L2L? Because if this is the case, WCCP redirection for the the VPN users must not be the best approach. Have you consider changing the proxy settings the browser? or an On-site solution for this remote site like WSA or Cloud Web Security?

 

Regards,

 

Luis Silva

 

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
3 REPLIES
Cisco Employee

Hi,Remember that the ASA has

Hi,

Remember that the ASA has the limitation that the clients and the WSA must be behind the same interface.

That VPN connection is L2L? Because if this is the case, WCCP redirection for the the VPN users must not be the best approach. Have you consider changing the proxy settings the browser? or an On-site solution for this remote site like WSA or Cloud Web Security?

 

Regards,

 

Luis Silva

 

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

Hi  I've alredy configured a

Hi 

 I've alredy configured a WCCP redirection for all networks which are behind the same interface of an ASA and enabled proxy in remote hosts browsers (VPNs are L2L).

It works fine.

 

thank you for your answers

regards

Depending on which size/model

Depending on which size/model your ASA FW for internetbreakout is, you could create a second context based firewall running on the same fysical hardware.

You could then have the diffent clients run out the same interface on FW context 2 and make WCCP redirect on FW context 1. See attached picture.

It all depends on if your ASA model support context based instances.

br,

M

100
Views
0
Helpful
3
Replies
This widget could not be displayed.