After much troubleshooting, tracing and head scratching, we found out why!
Unlike Squid, Fortigate as a WCCP client can only do GRE return mode. ASA’s WCCP server implementation, on the other hand, does not support GRE return mode.
Well, Fortigate as WCCP client can also do both L2 forward & return mode, but ASA can't do L2 mode at all.
So, in essence, **they** don’t talk. At least, for the time being, you can’t deploy ASA as WCCP server and have Fortigate as WCCP client.
Note: BlueCoat as a WCCP client can do all of those modes, L2, Return directly to client and GRE return.
- http://www.crypt.gen.nz/papers/cisco_squid_wccp.html (I like the diagram there, essentially showing the "direct-to-client" return method.)
- Cisco Catalyst 6500 Series Switches - WCCP Network Integration with Cisco Catalyst 6500: Best Practice Recommendations for Successful Deployments
“….WCCP redirection is supported only on the ingress of an interface. The only topology that the adaptive security appliance supports is when client and cache engine are behind the same interface of the adaptive security appliance and the cache engine can directly communicate with the client, without going through the adaptive security appliance….”