Adrian Chadd wrote:
> Didn't someone point out a few weeks ago that Cisco only support WCCP redirection on
> the same interface as clients?

I hope so! If so, could someone pipe up again please? I can't find any support for this idea from Cisco.

> the ASA is probably (quite rightly, it's a firewall!) dropping the packets coming in
> from the DMZ as they're spoofed from another interface it knows about.

Actually they are spoofed from an external public address it knows nothing about, but yes, I agree that it's dropping them, and that under normal operation it should do so.

> You may be short of luck; you may have to put the proxy on INSIDE. See if that works.
> I'd offer better advice but I don't have an ASA to actually do testing on..

That works perfectly, but I'd rather not have it there unless I really must. I'd like to exhaust the DMZ solution first.