Cisco ASA and Squid with WCCP2

by Ruslan   Last Updated July 10, 2018 07:00 AM

I am configuring transparent proxy redirection to Squid with a Cisco ASA via WCCP. Squid is already configured with authorization through Active Directory (Kerberos and LDAP groups) and works if the proxy settings are entered on the client. The OS used is CentOS 7, installed on a virtual machine. The IP address of the physical interface of the proxy server is / 24. The IP address of the ASA internal interface is / 24.

: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:af:43:91 brd ff:ff:ff:ff:ff:ff
    inet brd scope global noprefixroute ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feaf:4391/64 scope link
       valid_lft forever preferred_lft forever

Configured tunneling in CentOS 7:

modprobe ip_gre
ip tunnel add wccp0 mode gre remote local dev ens32
ip link set wccp0 up

Then I created the /etc/sysconfig/network-scripts/ifcfg-eth0 file. I do not understand how to describe it when, in the case of a tunnel on the ASA, the external and internal addresses of the tunnel are the same:


After that the network disappears entirely, which is understandable. I tried connecting a second physical network interface and assigned it the address / 24, and tried different configuration options, but nothing worked. Squid settings:

http_port intercept

wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0 password=cisco

ASA settings. - the address of the test machine; for now I am checking on it.

object network local_pc host
access-list redirect_to_squid extended permit tcp object local_pc any eq www
wccp web-cache redirect-list redirect_to_squid password cisco
wccp interface inside web-cache redirect in

If anyone has faced this, please help. Thanks in advance.
