Re: [squid-users] [Urgent] Please help : NAT + squid2.7 on ubuntu server 9.10 + cisco firewall (ASA5510)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 08 Apr 2010 19:03:05 +1200

Vichao Saenghiranwathana wrote:
> What I have done so far is:
> 1. Connected squid transparent proxy server with ASA5510 via eth0 interface
>
> 2. Set up NAT at ASA5510 to map squid transparent proxy
> server (192.168.9.251) with the public ip (203.130.133.9)
>

There should be no need for NAT on the ASA. Relevant packets get
_routed_ down the WCCP tunnel to the Squid box where NAT happens.

Squid outbound traffic gets the same handling any outbound traffic would
(except pushing back down the wccp tunnel).

> 3. Configured eth0 interface
> eth0.0 ----------> 192.168.9.251
> eth0.1 ----------> 203.130.133.9
>
> 4. Added wccp to squid.conf
> http_port 3128 transparent
> # ###### 192.168.9.253 is ASA5510
> wccp2_router 192.168.9.253
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_assignment_method 1
> httpd_accel_no_pmtu_disc on
>
> 5. Used the following commands
> modprobe ip_gre
> iptunnel add gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0.0
> ifconfig gre0 inet 192.168.9.251 netmask 255.255.255.0 up
> ip link set eth0 mtu 1400
> ip link set gre0 mtu 1400
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
> echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
> iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
>
> 6. Cisco config
> wccp web-cache
> wccp interface inside web-cache redirect in
>
> This is my network diagram
> Network diagram : http://dl.dropbox.com/u/5966530/Network%20Diagram_small.jpg
>
> I would like to know if I missed some steps or I did something wrong.
>
> Your help will be greatly appreciated!
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.1
Received on Thu Apr 08 2010 - 07:03:20 MDT
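
Added example, not part of the original message: a shell check that the NAT step on the Squid box lines up with squid.conf, i.e. that the PREROUTING REDIRECT rule sits on the GRE tunnel interface and targets a port Squid listens on in transparent mode. The function names are hypothetical, and the sample inputs are constructed from the settings quoted in the thread (assuming `iptables-save` prints the rule with `--to-ports`).

```shell
#!/bin/sh
# Constructed sample inputs, taken from the settings quoted in the thread.
SQUID_CONF='http_port 3128 transparent
wccp2_router 192.168.9.253
wccp2_forwarding_method 1
wccp2_return_method 1'
IPTABLES_SAVE='*nat
-A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Ports of http_port lines flagged transparent (2.7) or intercept (3.1+).
intercept_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port" {
            for (i = 3; i <= NF; i++)
                if ($i == "transparent" || $i == "intercept") {
                    n = split($2, a, ":"); print a[n]
                }
        }'
}

# "<in-interface> <target port>" for every PREROUTING REDIRECT rule.
redirect_targets() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
            iface = "any"; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i ~ /^--to-ports?$/) port = $(i + 1)
            }
            print iface, port
        }'
}

# $1 = squid.conf text, $2 = iptables-save text, $3 = tunnel interface name.
check_intercept() {
    ports=$(intercept_ports "$1"); targets=$(redirect_targets "$2"); status=0
    [ -n "$ports" ] || { echo "FAIL: no transparent/intercept http_port"; status=1; }
    [ -n "$targets" ] || { echo "FAIL: no PREROUTING REDIRECT rule"; return 1; }
    while read -r iface port; do
        [ "$iface" = "$3" ] || { echo "FAIL: REDIRECT on $iface, not $3"; status=1; }
        printf '%s\n' "$ports" | grep -Fqx -- "$port" ||
            { echo "FAIL: REDIRECT to $port, no intercept port there"; status=1; }
    done <<EOF
$targets
EOF
    return $status
}

check_intercept "$SQUID_CONF" "$IPTABLES_SAVE" gre0 && echo "OK: NAT rule matches squid.conf"
```

On a live box the two inputs would come from the real squid.conf and the output of `iptables-save -t nat`.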
