On Tue, Nov 13, 2007, Jason Gauthier wrote: > All, > > I asked some generic questions earlier in the week and got some great > documentation. This has led me to a working WCCP/Squid implementation. > I thank you. Good-o. Care to share your WCCP + ASA setup so I can put it into the Squid Wiki? > However, I still have problems. Firstly, please understand that I am > using WCCP on a Cisco ASA. (Firewall, not the same IOS as a router). > > I have multiple interfaces on this ASA that I want to make work. (4, to > be exact). > I've set squid to register with WCCP on the inside interface. > Once I redirect traffic from the inside, it works. > I have a wireless interface, where my "guests" go. This interface also > works when I add it. > I have two other interfaces. One for my VPN users, and the other for > authenticated wireless users. > NEITHER of these interfaces work, and I cannot figure out why. Cisco > has claimed that: > "As the previous engineer quoted from the ASA config guide: "WCCP > redirect is supported only on the ingress of an interface. The only > topology that the security appliance supports is when client and cache > engine are behind the same interface of the security appliance and the > cache engine can directly communicate with the client without going > through the security appliance."" > > They are using this as an excuse to tell me that what I want to do is > not possible. However, I've explained that I am doing exactly this with > two interfaces right now. I haven't heard back from them quite yet. I > also think they are using the words in this text to their advantage. Hm, security levels perhaps? What are the security levels for each of your interfaces? It -is- a closed source firewall, they can claim whatever they want. Noone's sued Cisco over lack of functionality/features that I know about and won.. :) Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
