Troubleshooting Guide for Cisco Web Security Appliance S670

encrypted files, voice calls). This information is communicated via the Don't Fragment (DF) bit inside the IP
header. Routers drop packets like these, but the router tries to report this to the end host via an Internet
Control Message Protocol (ICMP) message (type 3 - Destination unreachable, code 4 - fragmentation needed, but DF
bit set). This way, the host knows to send smaller packets in the future.

This is the heart of path MTU discovery. You can send large packets with the DF bit set in order to see
whether they reach the destination or whether you receive an ICMP report as previously described. Once you
determine the maximum workable packet size, use it for any further communications. Refer to RFC 1191 for
more information.

The Web Security Appliance (WSA) employs path MTU discovery by default. Thus, in the default configuration,
all packets it generates have the DF bit set.
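
The following added example, which is not part of the Cisco document, parses a captured ICMP type 3 code 4 message and extracts the next-hop MTU field defined in RFC 1191 together with the DF bit of the packet that was dropped. The packet bytes and addresses are constructed samples, and the function names are hypothetical.

```python
import socket
import struct

def ipv4_header(src, dst, proto, total_len, df):
    # Minimal 20-byte IPv4 header; checksum left at 0 for the constructed sample.
    flags_frag = 0x4000 if df else 0  # 0x4000 = Don't Fragment bit
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_frag_needed(packet):
    """Return PMTUD details if packet is ICMP type 3 code 4, else None."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Protocol 1 = ICMP; need 8 ICMP bytes plus the embedded 20-byte IP header.
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = packet[ihl + 8:]  # header of the datagram the router dropped
    total_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
    return {
        "reporting_router": socket.inet_ntoa(packet[12:16]),
        "next_hop_mtu": next_hop_mtu,  # 0 means the router predates RFC 1191
        "original_src": socket.inet_ntoa(inner[12:16]),
        "original_dst": socket.inet_ntoa(inner[16:20]),
        "original_len": total_len,
        "df_set": bool(flags_frag & 0x4000),
    }

# Constructed sample: a router at 203.0.113.1 rejects a 1500-byte DF packet.
inner = ipv4_header("192.0.2.10", "198.51.100.20", 6, 1500, df=True) + b"\x00" * 8
icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + inner
SAMPLE = ipv4_header("203.0.113.1", "192.0.2.10", 1, 20 + len(icmp), df=False) + icmp

if __name__ == "__main__":
    print(parse_frag_needed(SAMPLE))
```

If these messages never reach the sending host (for example, because a firewall filters ICMP), the host keeps sending packets that are too large and the connection stalls.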

WCCP
To enforce security on your network's web traffic without the users' knowledge, you run their traffic through
a proxy that is not visible to them. WCCP is the protocol used for communication between the intercepting
device (router/firewall) and the web cache engine/proxy, which is the WSA in this case.
This diagram illustrates how traffic flows in this scenario: