Sunday, December 23, 2012

WCCP 2, Squid, ASA 5510

TCP_Miss: Direct = not in cache and going direct with out through parent cache
TCP_MEM_HIT:NONE = object is stored in the memory
TCP_CLIENT_REFRESH_MISS:DIRECT = browser hit refresh 
----------------------------------------------------------------------------------------------------
vi    /etc/rc.local
modprobe ip_gre
ip tunnel add wccp0 mode gre remote (ASA Inside IP) local (Squidbox IP) dev eth0
ifconfig wccp0 (Squidbox IP) netmask 255.255.255.255 up
echo 0 >/proc/sys/net/ipv4/conf/wccp0/rp_filter
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
--------------------------------------------------------------------------------------------------------
 vi    /etc/sysconfig/iptables
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -j MASQUERADE
----------------------------------------------------------------------------------------------------------
vi   /etc/squid/squid.conf
http_port 8080 transparent
wccp2_router (ASA Inside IP)
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0 password=foo
----------------------------------------------------------------------------------------------------------
ASA 5510 Config
(Allow specific subnet)
access-list wccp_redirect extended deny ip host 192.168.10.15 any
access-list wccp_redirect extended permit tcp workstations 255.255.255.0 any eq www


(Allow everyone)
wccp web-cache
OR

wccp web-cache redirect-list wccp_redirect password foo <- br="br" password="password" with="with">
wccp interface inside web-cache redirect in

No comments: