Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module

Cisco Systems, Inc.
www.cisco.com

This guide describes how to redirect traffic to a device using the Web Cache Communication Protocol 
(WCCP). You would do this only if you install a WCCP-enabled device and you want to apply the 
services provided by that device to traffic that flows through the Cisco ASA.

WCCP is a content routing protocol that allows you to transparently redirect traffic to a WCCP-enabled 
device. The device can then apply its services to the redirected traffic.

For example, the Cisco Web Security Appliance (WSA) can apply application filtering, URL filtering, 
malware prevention, and other services to the redirected traffic.

The specific services that can be applied to traffic can vary based on the WCCP-enabled device. See the 
documentation for the device for detailed information about configuring services on that device.

When you redirect traffic using WCCP, keep the following behavior in mind:

An inbound access rule always takes higher priority over WCCP. For example, if an interface ACL 
does not permit a client to communicate with a server, then the matching traffic is simply dropped, 
it is not redirected.

TCP intercept, authorization, URL filtering, inspection engines, and IPS features are not applied to 
a redirected flow of traffic.

When a device cannot service a request and returns a packet to the ASA, then the contents of the 
traffic flow is subject to all the other configured features of the ASA.