Cisco asa + squid + wccp



  • Hi,
    i used worked perfectly setup on CentOS:

    iOS configuration for CiscoASA:
    access-list wccp_redirect extended deny ip host $SQUID-IP any
    access-list wccp_redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq www
    wccp web-cache redirect-list wccp_redirect password cisco
    wccp interface inside web-cache redirect in

    and add custom config to squid as:
    wccp2_router $IP-OF-ROUTER
    wccp2_forwarding_method gre
    wccp2_return_method gre
    wccp2_service standard 0 password=cisco

    OS configuration for RedHat:
    modprobe ip_gre
    ip tunnel add wccp0 mode gre remote $ASA-EXT-IP local $SQUID-IP dev eth0
    ifconfig wccp0 $SQUID-IP netmask 255.255.255.255 up
    iptables -t nat -A PREROUTING -i wccp0 -p tcp –dport 80 -j REDIRECT --to-port 3129
    iptables -t nat -A POSTROUTING -j MASQUERADE

    now pfsense is also there with:
    PfSense 2.3.2-RELEASE (amd64)  built on Tue Jul 19 12:44:43 CDT 2016 FreeBSD 10.3-RELEASE-p5
    Squid Version 3.5.19_1
    i want to ask what things i need to do wccp with PfSense & cisco with SQUID method GRE wccp

    how i create GRE tunnel from PfSense to CISCO from PfSerne.
    what else i need to work on PfSense ?

    could you tell me the configuration ?

    Best regards.


Log in to reply