Re: [squid-users] Squid and WCCP (ASA)

From: Adrian Chadd <[email protected]>
Date: Thu, 15 Nov 2007 02:40:40 +0900

On Tue, Nov 13, 2007, Jason Gauthier wrote:
> All,
>
> I asked some generic questions earlier in the week and got some great
> documentation. This has led me to a working WCCP/Squid implementation.
> I thank you.

Good-o. Care to share your WCCP + ASA setup so I can put it into the
Squid Wiki?

> However, I still have problems. Firstly, please understand that I am
> using WCCP on a Cisco ASA. (Firewall, not the same IOS as a router).
>
> I have multiple interfaces on this ASA that I want to make work. (4, to
> be exact).
> I've set squid to register with WCCP on the inside interface.
> Once I redirect traffic from the inside, it works.
> I have a wireless interface, where my "guests" go. This interface also
> works when I add it.
> I have two other interfaces. One for my VPN users, and the other for
> authenticated wireless users.
> NEITHER of these interfaces work, and I cannot figure out why. Cisco
> has claimed that:

> "As the previous engineer quoted from the ASA config guide: "WCCP
> redirect is supported only on the ingress of an interface. The only
> topology that the security appliance supports is when client and cache
> engine are behind the same interface of the security appliance and the
> cache engine can directly communicate with the client without going
> through the security appliance.""
>
> They are using this as an excuse to tell me that what I want to do is
> not possible. However, I've explained that I am doing exactly this with
> two interfaces right now. I haven't heard back from them quite yet. I
> also think they are using the words in this text to their advantage.

Hm, security levels perhaps? What are the security levels for each
of your interfaces?

It -is- a closed source firewall, they can claim whatever they want.
Noone's sued Cisco over lack of functionality/features that I know about
and won.. :)

Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Received on Wed Nov 14 2007 - 10:36:54 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST