Environment:
Squid server: Ubuntu 8.10 Server Edition IP Address:192.168.50.100/24
ASA5510: E0/1 inside IP Address:192.168.50.1/24
Local Network: 10.1.0.0/16
ASA5510: E0/1 inside IP Address:192.168.50.1/24
Local Network: 10.1.0.0/16
1. ASA WCCP Configuration
ASAconfig)#access-list PROXY extended permit 10.1.0.0 255.255.0.0 any eq www
ASAconfig)# wccp web-cache redirect-list PROXY
ASA(config)# wccp interface inside web-cache redirect in
ASAconfig)#access-list PROXY extended permit 10.1.0.0 255.255.0.0 any eq www
ASAconfig)# wccp web-cache redirect-list PROXY
ASA(config)# wccp interface inside web-cache redirect in
2. Squid Installation
root@ubuntu-squid:~# apt-get install squid
root@ubuntu-squid:~# vi /etc/squid/squid.conf
http_port 3128 transparent
wccp2_router 192.168.50.1
root@ubuntu-squid:~# apt-get install squid
root@ubuntu-squid:~# vi /etc/squid/squid.conf
http_port 3128 transparent
wccp2_router 192.168.50.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_mem 256MB
cache_dir ufs /var/spool/squid 10240 16 256
wccp2_return_method 1
wccp2_assignment_method 1
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_mem 256MB
cache_dir ufs /var/spool/squid 10240 16 256
3. Linux Server Configuration
root@ubuntu-squid:~# vi /etc/rc.local
#setup gre tunnel to ASA. Remote is the WCCP route identifier and local is the ip address of Squid
ip tunnel add wccp0 mode gre remote 192.168.50.1 local 192.168.50.100 dev eth0
ifconfig wccp0 inet 127.0.0.3 netmask 255.255.255.255 up
root@ubuntu-squid:~# vi /etc/rc.local
#setup gre tunnel to ASA. Remote is the WCCP route identifier and local is the ip address of Squid
ip tunnel add wccp0 mode gre remote 192.168.50.1 local 192.168.50.100 dev eth0
ifconfig wccp0 inet 127.0.0.3 netmask 255.255.255.255 up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/wccp0/rp_filter
iptables -F -t nat
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.50.100:3128
echo 0 > /proc/sys/net/ipv4/conf/wccp0/rp_filter
iptables -F -t nat
iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.50.100:3128
4. Verify Configuration
ASA# sh wccp
ASA# sh wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.50.1
Protocol Version: 2.0
Router information:
Router Identifier: 192.168.50.1
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 7611
Redirect access-list: PROXY
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 7611
Redirect access-list: PROXY
root@ubuntu-squid:~# tail /var/log/squid/access.log
1246847635.924 2 10.1.254.115 TCP_IMS_HIT/304 445 GET http://wiki.squid-cache.org/wiki/squidtheme/css/screen.css - NONE/- text/css
1246847635.927 2 10.1.254.115 TCP_IMS_HIT/304 444 GET http://wiki.squid-cache.org/wiki/squidtheme/css/print.css - NONE/- text/css
1246847635.924 2 10.1.254.115 TCP_IMS_HIT/304 445 GET http://wiki.squid-cache.org/wiki/squidtheme/css/screen.css - NONE/- text/css
1246847635.927 2 10.1.254.115 TCP_IMS_HIT/304 444 GET http://wiki.squid-cache.org/wiki/squidtheme/css/print.css - NONE/- text/css
5. Related Information
http://wiki.squid-cache.org/ConfigExamples/NatAndWccp2
http://wiki.squid-cache.org/ConfigExamples/NatAndWccp2