> >> > >>Using WCCP... applicable router config lines: > >> > >>ip wccp version 1 > >>ip wccp web-cache redirect-list 199 > >> > >>access-list 199 permit tcp any any eq www > >>access-list 199 permit tcp any any eq 8080 > >> > >>interface FastEthernet3/1 > >> description connected to EthernetLAN_2 > >> ip wccp web-cache redirect out > >> > >>So it seems like maybe SSL/HTTPS traffic isn't being > >>forwarded to the squid at all? > > > >That is good. Check your firewall logs for traffic from the > client and > > >/ or to the web server in question. Look for dport 443 to > see if that > >traffic is going out the firewall (i.e. not going thru Squid). > > > > Okay.... looked into the fw logs. No traffic on dport 443... > but I did find traffic, which seems to be addressed to the > webmail site being dropped by iptables: Sep 14 13:42:21 fw1 > kernel: [IPTABLES DROP] : IN=eth1 OUT=eth0 SRC=[my > workstation] DST=[webmail host] LEN=60 TOS=0x00 PREC=0x00 > TTL=63 ID=62112 DF PROTO=TCP SPT=38972 DPT=2095 WINDOW=5840 > RES=0x00 SYN URGP=0 > > So this seems to suggest that the issue relates to the fw > configuration? Why would connecting to a squid vs. > transparent caching make a difference here? The dport is 2095, but WCCP is not redirecting that port. Add to your accessl-list 199 permit tcp any any eq 2095 First you might want to see if Squid is configured to proxy tcp/2095. Check your Safe_ports acl or manually configure your web browser to use the proxy. > > This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.