ASA Configuration Example
Complete these steps in order to configure the WCCP for the ASA via the WSA:
Enter this command in order to use the default service group web-cache:
wccp web-cache wccp interface inside web-cache redirect in
Enter this command in order to use a dynamic service group ID for the redirection of HTTP and HTTPS traffic:
wccp 91 redirect-list wccp-hosts group-list wccp-routers
Enter this command in order to use WCCP security:
wccp 91 redirect-list wccp-hosts group-list wccp-routers pass xxxx
The access list can be configured so that it denies the traffic that is sent to the ASA as a destination IP address and redirects it to the WSA. This is particularly useful when the ASA is configured in order to redirect traffic to multiple WSAs. For example, the WSAs might be assigned these IP addresses:
WSA1 IP address = 10.0.0.1
WSA2 IP address = 10.0.0.2
Enter these commands in order to configure the access list to deny the traffic:
access-list wccp-hosts extended deny tcp any host 10.0.0.1 access-list wccp-hosts extended deny tcp any host 10.0.0.2
Enter this command in order to allow the HTTP traffic to be redirected:
access-list wccp-hosts extended permit tcp any any eq www
Enter this command in order to allow the HTTPS traffic to be redirected:
access-list wccp-hosts extended permit tcp any any eq https
Enter these commands in order to define the WSAs that are allowed to participate in the WCCP communication:
access-list wccp-routers standard permit host 10.0.0.1 access-list wccp-routers standard permit host 10.0.0.2
If the redirect-list command is not accepted, then an extended access list might be needed. Enter these commands in order to configure the extended access list:
access-list wccp-routers extended permit ip host 10.0.0.1 any access-list wccp-routers extended permit ip host 10.0.0.2 any
Enter this command in order to apply the configuration:
wccp interface inside 91 redirect in
WSA Configuration Example
biOos
No comments:
Post a Comment