Hi,
I am trying to set up Squid with WCCP redirection with a Cisco ASA firewall:
- squid :
Squid Cache: Version 3.1.20
configure options: --enable-ltdl-convenience
- Cisco ASA 8.2.2
My problem is with an asymmetric path: the redirect is made by the
ASA and Squid receives the SYN packet on the GRE interface but
replies (SYN,ACK) on the Ethernet interface.
I saw in some post that I need to "masquerade" the traffic to force
the return path onto the GRE. I have tried this, but without effect; I
can see the rules are matched:
Chain PREROUTING (policy ACCEPT 2656 packets, 317K bytes)
 pkts bytes target     prot opt in     out     source               destination
 2802  135K REDIRECT   tcp  --  wccp0  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3139
Chain POSTROUTING (policy ACCEPT 8582 packets, 562K bytes)
 pkts bytes target     prot opt in     out     source               destination
28516 1866K MASQUERADE all  --  *      *       0.0.0.0/0            0.0.0.0/0
I found this post
(http://www.mail-archive.com/squid-users@squid-cache.org/msg64899.html),
where "tom" says that with a Cisco ASA you need to have the proxy server
on the clients' LAN as well... I tried this and I can see it works with
this rule, but for me it's not a usable topology.
Does anyone have an idea how to make the redirection work when the clients
and the proxy aren't on the same LAN?
Thanks for any tips.
Received on Mon Jul 09 2012 - 08:52:22 MDT