I configured the PIX to redirect WCCP packets from a BlueCoat Proxy server. When my clients make an HTTP request, they don't get an Internet response, even though I see packets redirected in the PIX.
The home-router in the BlueCoat is the PIX inside interface (10.2.0.1). The BlueCoat default gateway is 10.2.0.6. My understanding is the BlueCoat home-router must match the IP address of the PIX (which it does).
This is the config on the PIX.
access-list WCCP_Traffic extended deny ip 10.5.0.0 255.255.0.0 10.2.0.0 255.255.0.0 log disable
access-list WCCP_Traffic extended permit ip 10.2.0.0 255.255.0.0 any
access-list WCCP_Traffic extended permit ip 10.5.0.0 255.255.0.0 any log disable
wccp 10 redirect-list WCCP_Traffic
wccp 11 redirect-list WCCP_Traffic
wccp interface inside 10 redirect in
wccp interface inside 11 redirect in
These are the WCCP settings in the BlueCoat:
;WCCP Settings
;Version 1.3
wccp enable
wccp version 2
service-group 11
forwarding-type GRE
assignment-type hash
priority 1
protocol 6
service-flags destination-port-hash
service-flags ports-defined
ports 1080 1863 5050 5101 5190 6891 0 0
interface 0:0
home-router 10.2.0.1
end
wccp version 2
service-group 10
forwarding-type GRE
assignment-type hash
priority 1
protocol 6
service-flags destination-port-hash
service-flags ports-defined
ports 80 443 554 714 1755 0 0 0
interface 0:0
home-router 10.2.0.1
end
Is the BlueCoat supposed to have a Default Gateway and a static default route pointing to the Default Gateway?
ip default-gateway 10.2.0.6
ip route 0.0.0.0 0.0.0.0 10.2.0.6
Any help will be highly appreciated.
Thank you
Merlin
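How the redirect-list and port lists posted above select traffic, as an added example that is not part of the original post: it parses the posted lines and reports which service group, if any, a given TCP flow falls into. The function names and sample flows are constructed for illustration, and it assumes first-match ACL evaluation with an implicit deny and that a port value of 0 marks an unused slot.

```python
import ipaddress
# Lines copied from the post: the PIX redirect-list and the BlueCoat port lists.
PIX_ACL = """\
access-list WCCP_Traffic extended deny ip 10.5.0.0 255.255.0.0 10.2.0.0 255.255.0.0 log disable
access-list WCCP_Traffic extended permit ip 10.2.0.0 255.255.0.0 any
access-list WCCP_Traffic extended permit ip 10.5.0.0 255.255.0.0 any log disable
"""
BLUECOAT = """\
service-group 11
ports 1080 1863 5050 5101 5190 6891 0 0
service-group 10
ports 80 443 554 714 1755 0 0 0
"""

def _net(tokens):
    """Consume 'any' or 'addr netmask' from the front of the token list."""
    first = tokens.pop(0)
    spec = "0.0.0.0/0" if first == "any" else f"{first}/{tokens.pop(0)}"
    return ipaddress.ip_network(spec)

def parse_acl(text):
    """Return [(action, src_net, dst_net)] in config order (netmask notation)."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) > 5 and t[0] == "access-list" and t[2] == "extended":
            rest = t[5:]  # skip: access-list NAME extended ACTION PROTO
            rules.append((t[3], _net(rest), _net(rest)))
    return rules

def parse_groups(text):
    """Return {service_group_id: set_of_ports}; 0 is treated as unused (assumption)."""
    groups, gid = {}, None
    for line in text.splitlines():
        key, *vals = line.split() or [""]
        if key == "service-group":
            gid = int(vals[0])
        elif key == "ports" and gid is not None:
            groups[gid] = {int(p) for p in vals} - {0}
    return groups

def redirect_group(src, dst, dport, rules, groups):
    """Service group that would carry this TCP flow, or None if it is not redirected."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, sn, dn in rules:
        if s in sn and d in dn:  # first matching line decides
            hits = [g for g, ports in sorted(groups.items()) if dport in ports]
            return hits[0] if action == "permit" and hits else None
    return None  # implicit deny: no ACL line matched
```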