Adrian Chadd wrote:
Didn't someone point out a few weeks ago that Cisco only support wccp redirection on the same interface as clients? the ASA is probably (quite rightly, its a firewall!) dropping the packets coming in from the DMZ as they're spoofed from another interface it knows about. You may be short of luck; you may have to put the proxy on INSIDE. See if that works. I'd offer better advice but I don't have an ASA to actually do testing on..
Actually, it depends on the firewall configuration mode... if it's in transparent mode, you're s.o.l, as the max number of interfaces == 3 (including the management interface). If it's in routed mode, you stand a better chance, and can enable communication between the interfaces. The logging buffer will reveal all though.
-- Tony Dodd, Systems Administrator Last.fm | http://www.last.fm Karen House 1-11 Baches Street London N1 6DL check out my music taste at: http://www.last.fm/user/hawkeviper
