Cisco Cisco Web Security Appliance S670 故障排查指南
Question:
ASA 8.1 not redirecting traffic when WCCP access−list has port numbers
Environment:
Cisco Web Security Appliance WSA) all AsyncOS versions
Cisco ASA running version 8.1.x
Cisco Web Security Appliance WSA) all AsyncOS versions
Cisco ASA running version 8.1.x
Symptoms:
WCCP stops redirecting traffic after a while or will not redirect traffic at all.
•
WCCP redirection may work for a while after a proxy restart, but will stop shortly after.
•
The ASA version 8.1 has limitations in regards to using access lists, that specify port numbers, for WCCP
redirection. The ASA won't support WCCP redirect access−list with port numbers.
redirection. The ASA won't support WCCP redirect access−list with port numbers.
To address the issue, the WCCP access list will need to be reconfigured without port numbers.
Example:
# access−list WSAWEB1 extended permit tcp any any eq www
Should be changed to...
# access−list WSAWEB1 extended permit ip any any
Note:
Routers and switches do not have any restrictions in the redirect list. More information here.
•
ASA version 8.2 and above does not have this limitation
•
Updated: Aug 12, 2014
Document ID: 118274