I am configuring transparent proxy redirection to Squid with a Cisco ASA via WCCP. Squid is already configured with authorization through Active Directory (Kerberos and LDAP groups) and works if the proxy settings are set on the client. The OS is CentOS 7, installed on a virtual machine. The IP address of the proxy server's physical interface is 172.31.4.64/24. The IP address of the ASA's internal interface is 172.31.0.4/24.

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:50:56:af:43:91 brd ff:ff:ff:ff:ff:ff
        inet 172.31.4.64/24 brd 172.31.4.255 scope global noprefixroute ens32
           valid_lft forever preferred_lft forever
        inet6 fe80::250:56ff:feaf:4391/64 scope link
           valid_lft forever preferred_lft forever

I configured tunneling in CentOS 7:

    modprobe ip_gre
    ip tunnel add wccp0 mode gre remote 172.31.0.4 local 172.31.0.150 dev ens32
    ip link set wccp0 up

Then I created the /etc/sysconfig/network-scripts/ifcfg-eth0 file. I do not understand how to describe it when, in the case of a tunnel on the ASA, the external and internal addresses of the tunnel are the same:

    ONBOOT=YES
    DEVICE=ens32
    IPADDR=172.31.0.150
    MY_INNER_IPADDR=172.31.0.150
    MY_OUTER_IPADDR=172.31.4.64
    PEER_INNER_IPADDR=172.31.0.4
    PEER_OUTER_IPADDR=172.31.0.4

After that the network disappears completely, which is understandable. I tried connecting a second physical network interface and assigned it the address 172.31.0.150/24, and tried different ways of configuring it, but nothing worked. Squid settings:

    http_port 172.31.4.64:3128
    http_port 172.31.0.150:3127 intercept
    wccp2_router 172.31.0.4
    wccp2_forwarding_method gre
    wccp2_return_method gre
    wccp2_service standard 0 password=cisco

ASA settings. 172.31.10.71 is the address of the test machine; for now I am checking on it.

    object network local_pc
     host 172.31.10.71
    access-list redirect_to_squid extended permit tcp object local_pc any eq www
    wccp web-cache redirect-list redirect_to_squid password cisco
    wccp interface inside web-cache redirect in

If anyone has faced this, please help. Thanks in advance.
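
An added example, not part of the original post: a pre-flight check that lists every local address referenced by the `ip tunnel add` command and the Squid `http_port` lines but not assigned to the host. The function names are hypothetical and the sample inputs are constructed from the values quoted in the post.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Sample inputs are constructed from the values quoted in the post.

# Constructed: addresses as `ip -o -4 addr show` lists them (one per line).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: ens32    inet 172.31.4.64/24 brd 172.31.4.255 scope global noprefixroute ens32'
SAMPLE_TUNNEL='ip tunnel add wccp0 mode gre remote 172.31.0.4 local 172.31.0.150 dev ens32'
SAMPLE_SQUID='http_port 172.31.4.64:3128
http_port 172.31.0.150:3127 intercept'

# Print each IPv4 address (prefix length stripped) found after an "inet" token.
host_addrs() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# Print the address that follows the "local" keyword of an `ip tunnel add` line.
tunnel_local() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "local") print $(i + 1) }'
}

# Print the bind address of every http_port line written as ADDR:PORT.
squid_binds() {
  printf '%s\n' "$1" | awk '$1 == "http_port" && $2 ~ /^[0-9.]+:[0-9]+$/ {
    split($2, a, ":"); print a[1] }'
}

# Print each referenced address the host does not own; return 1 if any is missing.
# $1 = address listing, $2 = tunnel command, $3 = squid.conf http_port lines.
missing_addrs() {
  ma_have=$(host_addrs "$1")
  ma_want=$( { tunnel_local "$2"; squid_binds "$3"; } | sort -u )
  ma_rc=0
  for ma_ip in $ma_want; do
    if ! printf '%s\n' "$ma_have" | grep -qxF "$ma_ip"; then
      echo "$ma_ip"
      ma_rc=1
    fi
  done
  return "$ma_rc"
}

# With the post's values this prints 172.31.0.150 (used by both the tunnel and
# the intercept port, but not present in the address listing).
missing_addrs "$SAMPLE_ADDRS" "$SAMPLE_TUNNEL" "$SAMPLE_SQUID" || true
```

On a live host, pass `"$(ip -o -4 addr show)"`, the tunnel command actually used, and the `http_port` lines from squid.conf in place of the samples.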