Cisco Cisco Web Security Appliance S160 Guía Del Usuario
25-14
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 25 Configuring Network Settings
Configuring Transparent Redirection
•
Router security and password
Note
Cisco suggests using a service ID number from 90 to 97 for the WCCP service used for the return path
(based on the source port).
(based on the source port).
For more information about creating WCCP services, see
Adding and Editing a WCCP Service
You must create at least one WCCP service when you configure the transparent redirection device as a
WCCP router. If IP spoofing is enabled on the appliance, you must create two WCCP services. For more
information about IP spoofing, see
WCCP router. If IP spoofing is enabled on the appliance, you must create two WCCP services. For more
information about IP spoofing, see
.
Step 1
Navigate to the Network > Transparent Redirection page.
Step 2
Verify the transparent redirection device is a WCCP v2 router. If it is not, click Edit Device to change it.
Step 3
To add a WCCP service, click Add Service. Or, to edit a WCCP service, click the name of the WCCP
service in the Service Profile Name column.
service in the Service Profile Name column.
Step 4
Configure the WCCP options.
describes the WCCP options.
Table 25-3
WCCP Service Options
WCCP Service Option
Description
Service Profile Name
Enter a name for the WCCP service.
Service
Use this section to describe the service group for the router.
Choose to create either a standard (“well known”) or dynamic service
group.
group.
If you create a dynamic service, enter the following information:
•
Service ID. Enter any number from 0 to 255 in the Dynamic Service
ID field.
ID field.
•
Port number(s). Enter up to eight port numbers for traffic to redirect
in the Port Numbers field.
in the Port Numbers field.
•
Redirection basis. Choose to redirect traffic based on the source or
destination port. Default is destination port.
destination port. Default is destination port.
To configure Native FTP with transparent redirection and IP spoofing,
choose Redirect based on source port (return path) and set the
source port to 13007.
choose Redirect based on source port (return path) and set the
source port to 13007.
•
Load balancing basis. When the network uses multiple Web Security
appliances, you can choose how to distribute packets among the
appliances. You can distribute packets based on the server or client
address. When you choose client address, packets from a client always
get distributed to the same appliance. Default is server address.
appliances, you can choose how to distribute packets among the
appliances. You can distribute packets based on the server or client
address. When you choose client address, packets from a client always
get distributed to the same appliance. Default is server address.
For more information about well known and dynamic service groups, see