The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology that allows you to integrate cache engines (such as the Cisco Cache Engine 550) into your network infrastructure. Cisco IOS Release 12.1 and later releases allow the use of either Version 1 (WCCPv1) or Version 2 (WCCPv2) of the WCCP.
Adding “Web Cache” Service Group via ASDM
- Log into the ASA via ASDM
- Click on Configuration à Device Management à Advanced à WCCP à Service Groups
- Click on Add
- Click on Web Cache
-
Select or Create Redirection List – this is traffic that is allowed to access the internet
-
Click on Manage to create a new list
- Click on Add
- Click on Add ACL
- Enter Name – WCCP_Internet_Traffic
-
Click OK
- Select newly created ACL
- Click on Add
-
Click on ACE
-
Create rule to Deny all private IP addresses
-
Click OK
- Verify that newly created ACL is still selected
- Click on Add
-
Click on ACE
-
Note the protocol is TCP ONLY.
- Click OK and you will be dropped back to the initial window.
-
From the drop down box, select the newly created Redirect List
- The Group List is a list of IronPort(s) to be used.
- To create a new List, click on corresponding “Manage” to the Group List
- Click on Add
- Click on Add ACL
-
Enter Name (WCCP_IronPorts)
- Click on OK
- Select newly created ACL
- Click on Add
-
Click on ACE
-
Permit the IP address or name of the IronPorts as the source with Any destination using the IP protocol
-
Click on OK
- Click OK and you will be dropped back to the initial window.
- From the drop down box, select the newly created Group List
-
Enter Password twice to confirm – this password will be needed again when configuring the IronPort.
-
Click on OK again to complete configuration
- Summary of configuration
Adding the “Web Cache” Redirection via ASDM
This is where the traffic will actually diverted to the WSA Appliance
- Log into the ASA via ASDM
- Click on Configuration à Device Management à Advanced à WCCP à Redirection
- Click on Add
- Select the LAN or inside interface for the interface you will like to run it on.
-
Select the newly created Web-Cache service as the Service Group
-
Click OK
- Click on Apply to submit all configuration
- Save configuration
CLI Configuration of the above
object-group network DM_INLINE_NETWORK_1
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_2
network-object host 10.10.10.111
network-object host 10.10.10.112
access-list WCCP_IronPorts line 1 extended permit ip object-group DM_INLINE_NETWORK_2 any
access-list WCCP_Internet_Traffic line 1 remark Deny all Private IP Address – This should be process locally.
access-list WCCP_Internet_Traffic line 2 extended deny ip any object-group DM_INLINE_NETWORK_1
access-list WCCP_Internet_Traffic line 3 extended permit tcp any any
wccp web-cache redirect-list WCCP_Internet_Traffic group-list WCCP_IronPorts
wccp interface inside web-cache redirect in
Monitoring WCCP on the ASA via ASDM
- Log into the ASA via ASDM
- Click on Monitoring à WCCP à Service Groups
- Click on Monitoring à WCCP à Redirection