Configure Cisco ASA and SQUID or WAAS for WCCP

Posted on November 18, 2010

0



Cisco ASA wccp support for WAAS configuration guide.
proxy server should accept requests on port 8080 and 80

Topology:

IP addresses:

  • ASA inside IP: 10.10.10.1/24
  • PC IP: 10.10.10.10
  • PROXY SRV IP: 10.10.10.251

Action Plan:

WCCP Interaction with Other Features for PIX/ASA:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1094445

Here I have read the following:

“The standard service is web-cache, which intercepts TCP port 80 (HTTP) traffic and redirects that traffic to the cache engines, but you can identify a service number if desired between 0 and 254. For example, to transparently redirect native FTP traffic to a cache engine, use WCCP service 60. You can enter this command multiple times for each service group you want to enable.”

I have found a link with the used service groups:

WCCP service groups:
http://ciscoarticles.com/network/redirecting-application-requests/

1, If on the proxy server I create a service group:

Service Group Name: TEST8080
Service Group Number: 91 (from the user defined part, that is 90-97)
Description: My test tcp port
Default Ports: 8080

It can be done on squid for example with the “wccp2_service_info” tag.
Source:
http://www.visolve.com/squid/squid26/miscellaneous.php#wccp2_service_info

I guess it can be done on Cisco WAAS, for example.
Source:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v401/configuration/guide/traffic.html

2, I configure the following (ASA Software version 7.2.2):

wccp web-cache
wccp 91
wccp interface inside web-cache redirect in
wccp interface inside 91 redirect in

In that case the ASA will intercepts TCP port 80 (HTTP) traffic and redirects that traffic to the cache engines.

WCCP for Cisco router and squid from the Internet:
http://www.squid-cache.org/mail-archive/squid-users/200609/0393.html
http://www.sublime.com.au/squid-wccp/

WCCP RFC:
http://www.wrec.org/Drafts/draft-wilson-wrec-wccp-v2-00.txt

Advertisements
Posted in: ASA, Cisco, Security, WCCP