Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cisco: NSP

WCCP with a PIX-515 and CE-590, any config suggestions to make this play?

  

 
Cisco nsp RSS feed   Index | Next | Previous | View Threaded


howard at leadmon

Jul 10, 2008, 8:23 AM

Post #1 of 3 (604 views)
Permalink
WCCP with a PIX-515 and CE-590, any config suggestions to make this play?
I just happened to end up with a CE-590 falling into my hands, so figured
I'd try and learn a little about it. In my network here I have a PIX-515
firewall running the 8.x code base. On the Content Engine I loaded up the
lastest ACNS 5.5.x code for it.

Looking at the various docs, it seems like almost a no-brainer to set this
thing up to use WCCP, so off I went. I put in the configs on both the CE
and PIX and it showed the GRE tunnel was up and happy. Still it doesn't seem
to be caching pages from what I can see on the CE.

I went to a webserver I control at a remote location, as according to the
docs it will actually show the requesting IP as coming from the
cache-engine, plus I would assume on successive page reloads it would get it
from the CE, not keep asking the remote web-server. Which is not the case,
funny though as if I told the CE I wanted HTTP auth to access things, it
sure enforced that.

On the CE I have the following in the config:
!
http proxy incoming 80
!
wccp router-list 1 xx.xx.xx.xx (xx is the IP address of the PIX)
wccp web-cache router-list-num 1
wccp version 2
!


On the PIX I have the following.

!
wccp web-cache
wccp interface LAN web-cache redirect in
!


Where of course LAN is my inside interface on my network.

Maybe I am missing something, but from all I can find, making the two talk
WCCP to each other to cache web requests looks like it should be that
simple. As I am not having much luck, I figured I'd see if anyone here has
worked with this combination before, and what you did to get it all going..


---
Howard Leadmon



_______________________________________________
cisco-nsp mailing list cisco-nsp[at]puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


ghostonthewire at gmail

Jul 11, 2008, 6:20 AM

Post #2 of 3 (579 views)
Permalink
Re: WCCP with a PIX-515 and CE-590, any config suggestions to make this play? [In reply to]
hi, Howard.

Howard Leadmon wrote:
> On the CE I have the following in the config:
> !
> http proxy incoming 80
> !
> wccp router-list 1 xx.xx.xx.xx (xx is the IP address of the PIX)
> wccp web-cache router-list-num 1
> wccp version 2
> !
>
>
> On the PIX I have the following.
>
> !
> wccp web-cache
> wccp interface LAN web-cache redirect in
> !
>
>
> Where of course LAN is my inside interface on my network.
>
> Maybe I am missing something, but from all I can find, making the two talk
> WCCP to each other to cache web requests looks like it should be that
> simple. As I am not having much luck, I figured I'd see if anyone here has
> worked with this combination before, and what you did to get it all going..

I do not have hands on expirience on proprietary caching engines. I'm
happy with Squid + PIX 8.x. But, definitialy you miss

wccp web-cache redirect-list webcache_redirect group-list webcache_group

statement, where webcache_redirect -- source addresses you wanna perform
caching for, and webcache_group lists your cache engines.
_______________________________________________
cisco-nsp mailing list cisco-nsp[at]puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


adrian at creative

Jul 11, 2008, 11:12 PM

Post #3 of 3 (572 views)
Permalink
Re: WCCP with a PIX-515 and CE-590, any config suggestions to make this play? [In reply to]
.. i just saw this post.

*puts on WCCP hat, wishes he had a PIX hat to put on*

On Fri, Jul 11, 2008, ghostonthewire wrote:
> hi, Howard.
>
> Howard Leadmon wrote:
> >On the CE I have the following in the config:
> >!
> >http proxy incoming 80
> >!
> >wccp router-list 1 xx.xx.xx.xx (xx is the IP address of the PIX)

^-- right, so is the cache registering?

> >wccp web-cache router-list-num 1
> >wccp version 2

Ok.

> >On the PIX I have the following.
> >
> >!
> >wccp web-cache
> >wccp interface LAN web-cache redirect in

.. which should redirect traffic from all LAN ports to the WCCP cache,
and hopefully not redirect traffic from the cache itself.

> >Where of course LAN is my inside interface on my network.
> >
> >Maybe I am missing something, but from all I can find, making the two talk
> >WCCP to each other to cache web requests looks like it should be that
> >simple. As I am not having much luck, I figured I'd see if anyone here
> >has
> >worked with this combination before, and what you did to get it all going..

if this were a router, I'd do:

"show ip wccp web-cache detail"

to see if the router is seeing the cache, see what redirection/assignment method
its chosen, and make sure that its actively redirecting traffic -to- the thing.

> wccp web-cache redirect-list webcache_redirect group-list webcache_group
>
> statement, where webcache_redirect -- source addresses you wanna perform
> caching for, and webcache_group lists your cache engines.

I know the -routers- don't require a web cache group to be defined (but its a
good thing to do, much like enabling MD5 auth :) but I haven't got a PIX
yet to test it out on.



Adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
_______________________________________________
cisco-nsp mailing list cisco-nsp[at]puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Cisco nsp RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.