
WCCP, Cisco ASA and asymmetric path




Hi,


I am trying to set up Squid with WCCP redirection with a Cisco ASA firewall:

- Squid:

Squid Cache: Version 3.1.20

configure options:   --enable-ltdl-convenience

- Cisco ASA 8.2.2


My problem is with an asymmetric path: the redirect is made by the
ASA and Squid receives the SYN packet on the GRE interface but
replies (SYN,ACK) on the Ethernet interface.


I saw in some posts that I need to "masquerade" the traffic to force
the return path onto the GRE interface. I have tried this but without
effect; I can see the rules are matched:


Chain PREROUTING (policy ACCEPT 2656 packets, 317K bytes)
 pkts bytes target     prot opt in     out     source               destination
 2802  135K REDIRECT   tcp  --  wccp0  *       0.0.0.0/0            0.0.0.0/0      tcp dpt:80 redir ports 3139

Chain POSTROUTING (policy ACCEPT 8582 packets, 562K bytes)
 pkts bytes target     prot opt in     out     source               destination
28516 1866K MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0


I found this post
(http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg64899.html),
where "tom" says that with a Cisco ASA, you need to have the proxy server
also on the clients' LAN... I tried this and I can see it works with
this rule, but for me it's not a usable topology.


Does anyone have an idea for making the redirection work where the clients
and the proxy aren't on the same LAN?


Thanks for any tips.

