40-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter40 Configuring Web Cache Services Using WCCP
Enabling WCCP Redirection
Enabling WCCP Redirection
Note The ASA selects the highest IP address configured on any interface as the WCCP router ID. This address
is used to establish a GRE tunnel with the cache engine.
WCCP redirection is supported only on the ingress of an interface. The only topology that the ASA
supports is when client and cache engine are behind the same interface of the ASA and the cache engine
can directly communicate with the client, without going through the ASA.
The following configuration tasks assume you have already installed and configured the cache engines
that you want to include in your network.
To configure WCCP redirection, perform the following steps:
Examples
For example, to enable the standard web-cache service and redirect HTTP traffic that enters the inside
interface to a web cache, enter the following commands:
hostname (config)# wccp web-cache
hostname (config)# wccp interface inside web-cache redirect in
Command Purpose
Step1 wccp {web-cache | service_number}
[redirect-list access_list] [group-list
access_list] [password password]
Example:
hostname (config)# wccp web-cache
Enables a WCCP service group and identifies the service to be
redirected. (Optional) Also defines which cache engines can
participate in the service group, and what traffic should be
redirected to the cache engine.
The standard service is web-cache, which intercepts TCP port 80
(HTTP) traffic and redirects that traffic to the cache engines, but
you can identify a service number (if desired) between 0 and 254.
For example, to transparently redirect native FTP traffic to a
cache engine, use WCCP service 60. You can enter this command
multiple times for each service group that you want to enable.
The redirect-list access_list argument controls traffic that is
redirected to this service group.
The group-list access_list argument determines which web cache
IP addresses are allowed to participate in the service group.
The password password argument specifies MD5 authentication
for messages that are received from the service group. Messages
that are not accepted by the authentication are discarded.
Step2 wccp interface interface_name {web-cache |
service_number} redirect in
Example:
hostname (config)# wccp interface inside
web-cache redirect in
Identifies an interface and enables WCCP redirection on the
interface.
The standard service is web-cache, which intercepts TCP port 80
(HTTP) traffic and redirects that traffic to the cache engines, but
you can identify a service number (if desired) between 0 and 254.
For example, to transparently redirect native FTP traffic to a
cache engine, use WCCP service 60. You can enter this command
multiple times for each service group that you want to enable.