How to set up transparent proxying of Squid + Cisco ASA over WCCP?
Colleagues, good afternoon.
I am setting up a transparent Squid proxy with redirection from a Cisco ASA over WCCP. Squid itself is already configured with authorization through Active Directory (Kerberos and LDAP groups), and it works if the client has proxy settings. The OS used is CentOS 7, installed on a virtual machine. The physical interface address of the proxy server is 172.31.4.64/24. The address of the ASA interface with which the device "looks" to the internal network is 172.31.0.4/24.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:af:43:91 brd ff:ff:ff:ff:ff:ff
    inet 172.31.4.64/24 brd 172.31.4.255 scope global noprefixroute ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feaf:4391/64 scope link
       valid_lft forever preferred_lft forever

modprobe ip_gre
ip tunnel add wccp0 mode gre remote 172.31.0.4 local 172.31.0.150 dev ens32
ip link set wccp0 up

ONBOOT=YES
DEVICE=wccp0
TYPE=GRE
IPADDR=172.31.0.150 # Inner address of the tunnel
MY_INNER_IPADDR=172.31.0.150 # Inner address of the tunnel
MY_OUTER_IPADDR=172.31.4.64 # Outer address on which the tunnel will be created
PEER_INNER_IPADDR=172.31.0.4 # Inner address of the tunnel on the peer side
PEER_OUTER_IPADDR=172.31.0.4 # Outer address to which the tunnel will be created

http_port 172.31.4.64:3128
http_port 172.31.0.150:3127 intercept
wccp2_router 172.31.0.4
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0 password=cisco

object network local_pc
 host 172.31.10.71
access-list redirect_to_squid extended permit tcp object local_pc any eq www
wccp web-cache redirect-list redirect_to_squid password cisco
wccp interface inside web-cache redirect in