On Tue, 2007-11-13 at 09:34 -0500, Jason Gauthier wrote:

> I have multiple interfaces on this ASA that I want to make work. (4, to
> be exact).
> I've set squid to register with WCCP on the inside interface.
> Once I redirect traffic from the inside, it works.
> I have a wireless interface, where my "guests" go. This interface also
> works when I add it.
> I have two other interfaces. One for my VPN users, and the other for
> authenticated wireless users.
> NEITHER of these interfaces work, and I cannot figure out why. Cisco
> has claimed that:

I would guess that either firewalling or routing messes things up. Have you verified with tcpdump how far things get? I.e. do you see the SYN packets from those networks or is it completely silent?

Please remember that routing when using WCCP is a bit special. The cache engine will respond with the originally contacted ip:port to the client source ip:port, and this might easily get trapped in firewall or nat rules when running WCCP on a firewall.

> "As the previous engineer quoted from the ASA config guide: "WCCP
> redirect is supported only on the ingress of an interface. The only
> topology that the security appliance supports is when client and cache
> engine are behind the same interface of the security appliance and the
> cache engine can directly communicate with the client without going
> through the security appliance.""

So I would say you are already bending the limits of what this device is supposed to support.

Regards
Henrik