Help with Cisco ASA w/CSC-SSM and WCCP Configuration..

Discussion in 'Cisco' started by Ambassador Kosh, Sep 1, 2009.

  1. I figured I would post here and see if anyone has set this up before, and
    come across a decent solution for the issue I am currently trying to work
    through.

    First off I have a Cisco ASA-5510 with the CSC-SSM-10 module installed in
    it. The ASA is running the most current 8.2.1 code, and the CSC is running
    the most current 6.3.1172.0 code from Cisco's site. I do have all this up
    and running at this time, and it works. I also have a Cisco Content
    Engine-590 that I have had online here for a while (with only a T1, saving
    re-grabbing large image content on sites is a plus). I also have the most
    current ACNS software 5.5.13 loaded on the 590 as well, and it's configured
    to work with the ASA using WCCPv2.

    OK, so now the issue. It is all working, but apparently WCCP and the ASA
    requests are handled before the CSC module, so any and all web requests
    being processed by the CSC-SSM-10 module all look as though they are coming
    from a single IP address (the IP of the CE590). In some ways, I guess one
    could say that was great as you will sure never have to worry about running
    past the 50 user limit of the default CSC license, as it only sees stuff
    from a single IP. Of course like all things there is a catch, and for me
    this is the issue I have. I want to use the Content Filtering function of
    the CSC-SSM, and limit people based on either the internal IP address, or I
    see I can also use the NT Active Directory info. In fact I even tried to
    use the AD plugin, but as it sees the IP of the CE590, again it won't find
    any logged in users. So due to this, I can't enforce content restrictions
    on certain users, as everything appears as a single User/IP.

    So the million dollar question is, has anyone setup and used the ASA w/CSC
    module along with a Content Engine (web cache) in transparent mode via
    WCCP, and been able to make the CSC module see the individual IP's/Users
    inside?? I tried tweaking a couple items in the CE590 but that only
    resulted in things breaking, so put it all back. If anyone has any ideas
    on how to accomplish this, or any material on doing this, it would be most
    appreciated..
     
    Ambassador Kosh, Sep 1, 2009
    #1
    1. Advertisements

  2. Hey,

    Sounds like you want the ACNS to spoof the client IP. Command is
    here : http://www.cisco.com/en/US/docs/app...5_13/command/reference/9361r10.html#wp1059044
    .. I've never configured this on an ASA before, however I assume it's
    the same as switches/routers. Just make sure the return traffic (ie:
    from the WAN through the ASA) will be intercepted via WCCP correctly.

    Let me know if this is what you're looking for.

    Regards,
    Ruairi
     
    Ruairi Carroll, Sep 2, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.