Hi Eugene, YES, the IOS router can redirect to different interface. If the WSA is on L2 segment with the router, there is only L2 information changed in the redirected packets. When the WSA is in far network from the router, then GRE encapsulation is used and L3 information is changed to redirect the traffic.
Regards, Piotr 2010/11/11 Eugene Pefti <[email protected]> > Hi Piotr, > > One more off topic question. If I were to do redirection to the interface > other than the interface where the traffic entered the host doing WCCP I > wouldn’t be able to use ASA for it. Will the IOS router be able to do such > kind of WCCP redirection, i.e. catching the HTTP traffic on one interface > and send it to the other interface where WSA is connected to? > > > > Eugene > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Piotr Matusiak > *Sent:* Wednesday, November 10, 2010 12:19 PM > *To:* Paul Tribe > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] IronPort WSA > > > > Hi Paul, > > The ASA 8.3 can only redirect web traffic using WCCP when the traffic > enters on the same interface it goes it. For example, if the web traffic > enters the ASA on the outside interface (facing the Internet), the ASA > cannot redirect it to a device, such as the WSA, on the inside interface. > > This depends on your topology, but I'd suggest using the router behind the > ASA to redirect HTTP traffic to the WSA - this is much simpler solution. > > HTH, > Piotr Matusiak > > 2010/11/5 Paul Tribe <[email protected]> > > Hi > > > > I realise this is off topic, but has anyone had any experience of > configuring the IronPort WSA to communicate with an ASA in order to use the > Mobile User Security feature for AnyConnect. I need to know the mechanics of > how this functions as there appears to be nothing about in the ASA 8.3 guide > and in the WSA 7 guide it does not specify which ASA interface the WSA > should communicate with (I would imagine this would be the inside). The > problem I have is that when I configure the communication on the inside > interface all I get is the ASA discarding the TCP packets. The config > appears really straight forward whereby you simply configure the WSA with > the IP address of the ASA and configure both appliances with a matching > password and port number. > > > > Paul > > > Confidentiality Statement > > This email (and any attachment) is confidential and may be legally > privileged. It is intended solely for the use of the individual or entity to > whom it is addressed. If you received this message in error please tell us > by reply (or telephone the sender) and delete all copies on your system. Any > review, dissemination, distribution, copying or other use of this > communication or the information in it is strictly prohibited. The sender > does not accept liability for any errors or omissions > > Whilst Nowcomm have taken reasonable precautions to ensure that any > attachments to this email has been swept for viruses, we cannot accept > liability for any damage sustained as a result of software viruses and would > advise that you carry out your own virus checks before opening any > attachment. > > HELP THE ENVIRONMENT - THINK BEFORE YOU PRINT! Do you really need to print > a copy of this email? If you do need to print remember to consider economy > printer settings. > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
