Wccp Interaction With Other Features; Enabling Wccp Redirection - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Configuring Web Cache Services Using WCCP
Cisco Security Appliance Command Line Configuration Guide (OL-10088-01), Chapter 10: Configuring DHCP, DDNS, and WCCP Services

The following WCCPv2 features are not supported with the security appliance:

- Multiple routers in a service group are not supported. Multiple cache engines in a service group are still supported.
- Multicast WCCP is not supported.
- The Layer 2 redirect method is not supported; only GRE encapsulation is supported.
- WCCP source address spoofing.

WCCP Interaction With Other Features

In the security appliance implementation of WCCP, the following applies to how the protocol interacts
with other configurable features:

- An ingress access list entry always takes higher priority over WCCP. For example, if an access list
  does not permit a client to communicate with a server, then traffic will not be redirected to a cache
  engine. Both ingress interface access lists and egress interface access lists will be applied.
- TCP intercept, authorization, URL filtering, inspect engines, and IPS features are not applied to a
  redirected flow of traffic.
- When a cache engine cannot service a request and the packet is returned, or when a cache miss happens
  on a cache engine and it requests data from a web server, then the contents of the traffic flow will
  be subject to all the other configured features of the security appliance.
- In failover, WCCP redirect tables are not replicated to standby units. After a failover, packets will
  not be redirected until the tables are rebuilt. Sessions redirected prior to failover will likely be reset
  by the web server.

Enabling WCCP Redirection

There are two steps to configuring WCCP redirection on the security appliance. The first is
identifying the service to be redirected with the wccp command, and the second is defining on which
interface the redirection occurs with the wccp redirect command. The wccp command can optionally
also define which cache engines can participate in the service group, and what traffic should be
redirected to the cache engine.

WCCP redirect is supported only on the ingress of an interface. The only topology that the security
appliance supports is when the client and cache engine are behind the same interface of the security
appliance and the cache engine can directly communicate with the client without going through the
security appliance.

The following configuration tasks assume you have already installed and configured the cache engines
you wish to include in your network.

To configure WCCP redirection, perform the following steps:

Step 1  To enable a WCCP service group, enter the following command:

hostname(config)# wccp {web-cache | service_number} [redirect-list access_list]
[group-list access_list] [password password]
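
The two configuration steps described above, as an added example that is not taken from the Cisco guide: the standard web-cache service with the service group restricted by group-list and password, and the redirected traffic limited by redirect-list. The addresses, access list names, the interface name inside and the password placeholder are assumptions; the wccp interface ... redirect in and show wccp forms come from the ASA command set rather than from this page.

```cisco
! Constructed values: clients in 10.1.1.0/24 and cache engine 10.1.1.50,
! both behind the "inside" interface (the one topology the appliance supports).

! group-list ACL: only this cache engine may join the service group.
! Without group-list and password, the group is not restricted to known caches.
hostname(config)# access-list wccp-servers extended permit ip host 10.1.1.50 any

! redirect-list ACL: do not redirect the cache engine's own requests
! (its cache-miss fetches), then redirect client HTTP only.
! Keep this list narrow: TCP intercept, authorization, URL filtering,
! inspect engines and IPS are not applied to a redirected flow.
hostname(config)# access-list wccp-traffic extended deny ip host 10.1.1.50 any
hostname(config)# access-list wccp-traffic extended permit tcp 10.1.1.0 255.255.255.0 any eq www

! Step 1: enable the service group with both lists and a shared password.
! <WCCP-SHARED-SECRET> is a placeholder; the cache engine must use the same value.
hostname(config)# wccp web-cache redirect-list wccp-traffic group-list wccp-servers password <WCCP-SHARED-SECRET>

! Step 2: redirect on ingress of the interface that faces clients and cache.
hostname(config)# wccp interface inside web-cache redirect in

! Check that the cache engine has registered and packets are being redirected.
! The ingress ACL on "inside" still wins: traffic it denies is never redirected.
hostname# show wccp web-cache detail
hostname# show wccp interfaces
```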

This manual is also suitable for:

Pix 500 series, Cisco ASA 5500 series