I have the following configuration for SSL sessions where I am using WCCP as the redirection method. The question is specifically how do I deal with WCCP return when the packets have to return through the same PIX device. How do I ensure the ASA-WAE session is a seperate network from the WCCP to avoid same-interface errors on the PIX and ASA and avoid a routing loop ? Do I use a sub-interface on the router and a secondary address on the WAE for the WCCP traffic ?
The SSL sessions point to the ASA and are intercepted on the router and redirected to the WAE. The WAE sets up an SSL session with the ASA. The router redirects the WCCP to the WAE via the PIX. The WAE returns the WCCP redirected traffic as marked and the router then sends the traffic back through the PIX.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...