Cisco Web Security Appliance S360 Troubleshooting Guide

WCCP redirect access-list configuration in ASA is not working with an object-group
Document ID: 118239
Contributed by Raam Muthusamy and Siddharth Rajpathak, Cisco TAC Engineers.
Aug 12, 2014
Question:
Why is WCCP redirect access-list configuration on ASA, to redirect traffic to WSA, not working with an object-group?
Environment:
• Cisco Web Security Appliance (WSA)
• Cisco ASA
• WCCP redirect 'access-list' configured with 'object-group'
Symptoms:
• The ASA doesn't redirect traffic to the WSA, or redirection breaks after some time, if the WCCP redirect access-list is configured with an object-group.
WCCP redirect 'access-list' configuration does not support more than 64 characters per line.
When an object-group is included, it will most likely exceed the 64 character limit and make the WCCP ACL invalid. This would typically cause the WCCP redirection to not work.
Below is an excerpt of the "redirect-list" option from Cisco's documentation:
Redirect list (Optional): Used with an access list that controls traffic redirected to this service group. The access-list argument should consist of a string of no more than 64 characters (name or number) that specifies the access list.
The documentation below provides information on all options available in the 'wccp' command on ASA:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1573973
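As an added example (not part of the Cisco document), the Python sketch below audits an ASA configuration for the condition described above: it finds the ACL named by `redirect-list` in each `wccp` command and flags entries of that ACL that reference an object-group or exceed the 64-character limit as this document states it. The configuration text, ACL names and addresses are constructed for illustration.

```python
# Constructed sample ASA configuration (illustrative, not from the document).
SAMPLE_CONFIG = """\
object-group network INSIDE_NETS
 network-object 10.1.0.0 255.255.0.0
access-list WCCP extended permit tcp object-group INSIDE_NETS any eq www
access-list WCCP extended permit tcp host 10.1.1.5 any eq www
access-list WSA extended permit ip host 10.1.1.10 any
access-list OUT_IN extended permit tcp any object-group INSIDE_NETS eq 22
wccp web-cache redirect-list WCCP group-list WSA
"""

MAX_LINE = 64  # per-line limit as stated in this document


def wccp_redirect_acls(config):
    """Return the ACL names referenced by 'redirect-list' in wccp commands."""
    names = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:1] == ["wccp"] and "redirect-list" in tokens:
            idx = tokens.index("redirect-list")
            if idx + 1 < len(tokens):
                names.add(tokens[idx + 1])
    return names


def audit_redirect_acls(config):
    """Flag redirect ACL lines that use object-group or exceed MAX_LINE."""
    names = wccp_redirect_acls(config)
    findings = []
    for lineno, line in enumerate(config.splitlines(), start=1):
        tokens = line.split()
        # Only entries of ACLs used as a WCCP redirect-list are in scope.
        if len(tokens) < 2 or tokens[0] != "access-list" or tokens[1] not in names:
            continue
        reasons = []
        if "object-group" in tokens:
            reasons.append("object-group")
        if len(line.strip()) > MAX_LINE:
            reasons.append("over-%d-chars" % MAX_LINE)
        if reasons:
            findings.append((lineno, tokens[1], reasons))
    return findings


if __name__ == "__main__":
    for lineno, acl, reasons in audit_redirect_acls(SAMPLE_CONFIG):
        print("line %d: ACL %s: %s" % (lineno, acl, ", ".join(reasons)))
```

ACLs that use an object-group but are not referenced by a `redirect-list` (here `OUT_IN`) are deliberately left out of the findings.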
Updated: Aug 12, 2014