[GTER] WCCP + Ironport

Vicente De Luca vdeluca at comp.ufla.br
Wed Oct 24 19:13:51 -02 2012


Good afternoon Fabio,

from the line: "   Number of Cache Engines:             0"

I understand that the proxy has not yet negotiated the protocol with the router.

From what I saw of your brief description and topology, the ASA's "DMZ" interface is on the 192.168.0.0 network,
and on the IronPort you configured the ASA's WAN interface as the target (172.20.5.1).

Wouldn't it be appropriate to configure on the IronPort the ASA's IP in the DMZ (192.168.0.1),
and at the same time make sure there are no filters on the ASA with 192.168.0.9 as the source?


my 2 cents,

Regards

vdeluca
INOC: 28302*100


On 24/10/2012, at 16:04, Fabio Luiz <fabiosk at gmail.com> wrote:

> Friends,
> 
> I am having a problem creating a WCCP rule to integrate my ASA
> with my Ironport.
> I have the following topology:
> 
> (Notebook / Mobile Devices) -> *[SSID - Guest]* -> AP -> Controller ->
> *[DHCP Server(172.20.5.0/24)]* -> *[172.20.5.1]* ASA *[192.168.0.1]* -> *[Internal
> Network - 192.168.0.0/24]* -> Ironport[192.168.0.9]
> 
> WCCP configuration on the ASA
> access-list Rede_WCCP extended permit tcp object Rede_Guest any eq www
> access-list Rede_WCCP_Cache extended permit object-group DM_INLINE_SERVICE_8 object Rede_Guest any
> access-list Rede_WCCP_Cache extended permit tcp any eq www object Rede_Guest inactive
> wccp web-cache redirect-list Rede_WCCP group-list Rede_WCCP password *****
> wccp 90 redirect-list Rede_WCCP_Cache group-list Rede_WCCP_Cache password *****
> wccp interface Guest web-cache redirect in
> wccp interface Guest 90 redirect in
> 
> On the Ironport I configured it as follows:
> Type: WCCPv2
> Service Profile Name: HTTPS
> Service: Dynamic service ID: 90
>             Port numbers: 443
> Router IP Addresses: 172.20.5.1
> Router Security: Enable Security for Service
>               Password: xxxxxx
> 
> Service Profile Name: HTTP
> Service: Standard service ID: 0 web-cache (destination port 80)
> Router IP Addresses: 172.20.5.1
> Router Security: Enable Security for Service
>               Password: xxxxxx
> 
> And in the service status on the ASA I have been getting the following error:
> Global WCCP information:
>    Router information:
>    Router Identifier:                   -not yet determined-
>    Protocol Version:                    2.0
> 
>    Service Identifier: web-cache
>    Number of Cache Engines:             0
>    Number of routers:                   0
>    Total Packets Redirected:            0
>    Redirect access-list:                Rede_WCCP
>    Total Connections Denied Redirect:   0
>    Total Packets Unassigned:            0
>    Group access-list:                   Rede_WCCP
>    Total Messages Denied to Group:      1183
>    Total Authentication failures:       0
>    Total Bypassed Packets Received:     0
> 
>    Service Identifier: 90
>    Number of Cache Engines:             0
>    Number of routers:                   0
>    Total Packets Redirected:            0
>    Redirect access-list:                Rede_WCCP_Cache
>    Total Connections Denied Redirect:   0
>    Total Packets Unassigned:            0
>    Group access-list:                   Rede_WCCP_Cache
>    Total Messages Denied to Group:      10230
>    Total Authentication failures:       0
>    Total Bypassed Packets Received:     0
> 
> Thank you all for your attention.
> 
> -- 
> Sincerely
> 
> Fabio Silva
> LPIC-1 | Novell CLA 11 | Novell DCTS | TrendMicro CSE
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
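
Added example, not part of either message: a small Python parser for the WCCP status output quoted above that classifies each service by its counters. The function names and status labels are assumptions of this example; the counter meanings follow Cisco's field descriptions (the group-list ACL decides which cache engines may join a service group).

```python
# Abbreviated from the status output quoted in the thread.
SHOW_WCCP = """\
Global WCCP information:
   Router Identifier:                   -not yet determined-

   Service Identifier: web-cache
   Number of Cache Engines:             0
   Group access-list:                   Rede_WCCP
   Total Messages Denied to Group:      1183
   Total Authentication failures:       0

   Service Identifier: 90
   Number of Cache Engines:             0
   Group access-list:                   Rede_WCCP_Cache
   Total Messages Denied to Group:      10230
   Total Authentication failures:       0
"""

def parse_services(text):
    """Return {service_id: {field: value}} for each 'Service Identifier' block."""
    services, current = {}, None
    for line in text.splitlines():
        line = line.lstrip("> ").strip()          # tolerate e-mail quoting
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Service Identifier":
            current = services.setdefault(value, {})
        elif current is not None:                 # skip the global header fields
            current[key] = value
    return services

def diagnose(fields):
    """Classify one service block (labels are this example's own)."""
    if int(fields.get("Number of Cache Engines", 0)) > 0:
        return "registered"
    if int(fields.get("Total Messages Denied to Group", 0)) > 0:
        return "group-list-denied"    # cache messages rejected by the group-list ACL
    if int(fields.get("Total Authentication failures", 0)) > 0:
        return "password-mismatch"    # service password differs on the two sides
    return "no-messages-seen"         # nothing counted from any cache engine

def report(text):
    """Map each service to (diagnosis, group-list ACL name)."""
    return {sid: (diagnose(f), f.get("Group access-list"))
            for sid, f in parse_services(text).items()}

if __name__ == "__main__":
    for sid, (state, acl) in report(SHOW_WCCP).items():
        print(f"service {sid}: {state} (group-list {acl})")
```
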



