Cisco ASA 5510 WCCP config

We've got WCCP enabled on our ASA route which is used by a Sophos web appliance.  

access-list wccp-server extended permit ip host 192.168.0.121 any
access-list wccp-traffic extended deny ip 192.168.0.0 255.255.255.0 209.223.80.0 255.255.255.0
access-list wccp-traffic extended permit ip 192.168.0.0 255.255.255.0 any

wccp web-cache redirect-list wccp-traffic group-list wccp-server
wccp 70 redirect-list wccp-traffic group-list wccp-server
wccp interface inside web-cache redirect in
wccp interface inside 70 redirect in

I've got a wireless network on 10.0.0.0/8 that I've got a guest network setup on that I'd like to bypass the WCCP.  Can anyone help with this config?
tbeasley123Asked:
Who is Participating?
 
Henk van AchterbergSr. Technical ConsultantCommented:
access-list wccp-traffic extended permit ip 10.0.0.0 255.0.0.0 any

wccp interface wifi web-cache redirect in
wccp interface wifi 70 redirect in
0
 
amatson78Sr. Security EngineerCommented:
If you want it to "BYPASS" redirection than you want to use a "Deny" statement not a permit as stated above. If the 10.0.0.0/8 network is on the same interface then you need to edit that set of access rules:

# config t
# access-list wccp-traffic extended line 2 ip 10.0.0.0 255.0.0.0 any <options>

Open in new window


This will insert the deny into line 2 of the access list and move the rest down placing it above any of the "Permit" statements which is how an ACL should properly be built.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.