
Re: [Urgent] Please help : NAT + squid2.7 on ubuntu server 9.10 + cisco firewall (ASA5510)


 



Vichao Saenghiranwathana wrote:
What I have done so far:
1. Connected squid transparent proxy server with ASA5510 via eth0 interface

2. Set up NAT at ASA5510 to map squid transparent proxy server (192.168.9.251) with the public ip (203.130.133.9)


There should be no need for NAT on the ASA. Relevant packets get _routed_ down the WCCP tunnel to the Squid box where NAT happens.

Squid outbound traffic gets the same handling any outbound traffic would (except pushing back down the wccp tunnel).


3. Configured eth0 interface
eth0.0 ----------> 192.168.9.251
eth0.1 ----------> 203.130.133.9

4. Added wccp to squid.conf
http_port 3128 transparent
# ###### 192.168.9.253 is ASA5510
wccp2_router 192.168.9.253
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
httpd_accel_no_pmtu_disc on

5. Used the following commands
modprobe ip_gre
iptunnel add gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0.0
ifconfig gre0 inet 192.168.9.251 netmask 255.255.255.0 up
ip link set eth0 mtu 1400
ip link set gre0 mtu 1400
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128

6. Cisco config
wccp web-cache
wccp interface inside web-cache redirect in

This is my network diagram
Network diagram : http://dl.dropbox.com/u/5966530/Network%20Diagram_small.jpg

I would like to know if I missed some steps or I did something wrong.

Your help will be greatly appreciated!


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.1
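
A consistency check for the Squid-side pieces listed in the post, as an added example that is not part of the original thread: it compares the intercept `http_port` in squid.conf with the REDIRECT rule on `gre0` and confirms `wccp2_router` is set. The embedded config and `iptables-save` text are constructed from the settings quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: cross-check squid.conf against iptables-save output.
# Both samples are constructed from the settings quoted in the post.
SQUID_CONF='http_port 3128 transparent
wccp2_router 192.168.9.253
wccp2_forwarding_method 1
wccp2_return_method 1'

IPTABLES_SAVE='*nat
-A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Port of the first http_port line flagged transparent (2.x) or intercept (3.1+).
intercept_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") {
                n = split($2, a, ":"); print a[n]; exit
            }
    }'
}

# --to-port(s) value of the first REDIRECT rule bound to input interface $2.
redirect_port() {
    printf '%s\n' "$1" | awk -v ifc="$2" '/-j REDIRECT/ {
        hit = 0; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i" && $(i + 1) == ifc) hit = 1
            if ($i ~ /^--to-ports?$/) port = $(i + 1)
        }
        if (hit) { print port; exit }
    }'
}

# First argument of directive $2 in config text $1.
conf_value() { printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'; }

# Returns 0 only when the intercept port, the gre0 REDIRECT rule and wccp2_router line up.
check_wccp() {
    rc=0
    p=$(intercept_port "$1"); r=$(redirect_port "$2" gre0)
    [ -n "$p" ] || { echo "FAIL: no http_port with transparent/intercept"; rc=1; }
    [ -n "$r" ] || { echo "FAIL: no REDIRECT rule on gre0"; rc=1; }
    [ "$p" = "$r" ] || { echo "FAIL: REDIRECT port '$r' != http_port '$p'"; rc=1; }
    [ -n "$(conf_value "$1" wccp2_router)" ] || { echo "FAIL: wccp2_router unset"; rc=1; }
    return $rc
}

check_wccp "$SQUID_CONF" "$IPTABLES_SAVE" && echo "OK: squid.conf and NAT redirect agree"
```

On a live box the two arguments would be the contents of the real squid.conf and the output of `iptables-save -t nat`.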
