Re: [squid-users] wccp transparent proxy; returned spoofed packets are dropped!

From: Tony Dodd <tony@dont-contact.us>
Date: Fri, 21 Dec 2007 03:45:03 +0000

Adrian Chadd wrote:
> Didn't someone point out a few weeks ago that Cisco only support wccp redirection on
> the same interface as clients?
>
> The ASA is probably (quite rightly, it's a firewall!) dropping the packets coming in
> from the DMZ as they're spoofed from another interface it knows about.
>
> You may be short of luck; you may have to put the proxy on INSIDE. See if that works.
> I'd offer better advice but I don't have an ASA to actually do testing on..

Actually, it depends on the firewall configuration mode... if it's in
transparent mode, you're s.o.l, as the max number of interfaces == 3
(including the management interface). If it's in routed mode, you stand
a better chance, and can enable communication between the interfaces.
The logging buffer will reveal all though.

-- 
Tony Dodd, Systems Administrator
Last.fm | http://www.last.fm
Karen House 1-11 Baches Street
London N1 6DL
check out my music taste at:
http://www.last.fm/user/hawkeviper
Received on Thu Dec 20 2007 - 20:45:17 MST
