Help with Cisco ASA w/CSC-SSM and WCCP Configuration..

I figured I would post here and see if anyone has set this up before, and come across a decent solution for the issue I am currently trying to work through.

First off I have a Cisco ASA-5510 with the CSC-SSM-10 module installed in it. The ASA is running the most current 8.2.1 code, and the CSC is running the most current 6.3.1172.0 code from Cisco's site. I do have all this up and running at this time, and it works. I also have a Cisco Content Engine-590 that I have had online here for a while (with only a T1, saving re-grabbing large image content on sites is a plus). I also have the most current ACNS software 5.5.13 loaded on the 590 as well, and it's configured to work with the ASA using WCCPv2.

OK, so now the issue. It is all working, but apparently WCCP and the ASA requests are handled before the CSC module, so any and all web requests being processed by the CSC-SSM-10 module all look as though they are coming from a single IP address (the IP of the CE590). In some ways, I guess one could say that was great as you will sure never have to worry about running past the 50 user limit of the default CSC license, as it only sees stuff from a single IP. Of course like all things there is a catch, and for me this is the issue I have. I want to use the Content Filtering function of the CSC-SSM, and limit people based on either the internal IP address, or I see I can also use the NT Active Directory info. In fact I even tried to use the AD plugin, but as it sees the IP of the CE590, again it won't find any logged in users. So due to this, I can't enforce content restrictions on certain users, as everything appears as a single User/IP.

So the million dollar question is, has anyone setup and used the ASA w/CSC module along with a Content Engine (web cache) in transparent mode via WCCP, and been able to make the CSC module see the individual IP's/Users inside?? I tried tweaking a couple items in the CE590 but that only resulted in things breaking, so put it all back. If anyone has any ideas on how to accomplish this, or any material on doing this, it would be most appreciated..

Reply to
Ambassador Kosh
Loading thread data ...

Hey,

Sounds like you want the ACNS to spoof the client IP. Command is here :

formatting link
I've never configured this on an ASA before, however I assume it's the same as switches/routers. Just make sure the return traffic (ie: from the WAN through the ASA) will be intercepted via WCCP correctly.

Let me know if this is what you're looking for.

Regards, Ruairi

Reply to
Ruairi Carroll

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.