[squid-users] Squid Transparent WEB Captatif : Cisco ASA WCCP

Yuri Voinov yvoinov at gmail.com
Fri Jul 15 17:52:54 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 


15.07.2016 21:52, Maxime Lambert пишет:
> Hi everyone !!
>
> My issue is that i didn't received any data in access.log. I work on
Ubuntu Server 16.04 with Squid 5.3.20 compiled with :
> ./configure --prefix=/usr --localstatedir=/var
--libexecdir=${prefix}/lib/squid --datadir=${prefix}/share/squid
--sysconfdir=/etc/squid --with-default-user=proxy
--with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid
--with-openssl --enable-icmp *--enable-linux-netfilter --enable-wccpv2*
--enable-gnuregex --enable-xmalloc-statistics --enable-async-io
--enable-delay-pools --enable-useragent-log --enable-kill-parent-hack
--enable-htpc --enable-forw-via-db --enable-cache-digests
--enable-dl-malloc --enable-time-hack --enable-ssl --enable-ssl-crtd
>
> This is my conf :
>
>                  Internet
>                        |
>                        |                           10.12.3.200
>                Cisco-ASA  -----------------------  Squid Server
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
>                        |   10.12.1.1
>                        |
>               /------------------------/
>                                    |
>                                    |   10.12.2.18
>                               Client
>
> If my Squid server is UP my client can't go on web, else if my Squid
server is DOWN he can surf on it.
>
> I've allow localnet 10.12.1.0/24.
> And i've tunnel GRE, and my Cisco saw it.
Why you are using GRE as assignment method when your clients and proxy
in the same L2 segment? Reasonable to use L2 method, which is hardware
accelerated.
>
> squid.conf :  
>         ...
>         http_port 80 intercept                                     
<== Should I write intercept or transparent ?
If your using Squid 3.5.20, this must be intercept, as documented in
manuals - did you read it?
>         http_port 3128       
>         wccp_version 2                                              
<== Should I write 2 or 4 ?
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>         wccp2_router 10.12.1.1
>         wccp2_forwarding_method 1                          <== Should
I write gre or 1 ?
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>         wccp2_return_method 1                                  <== Should I write  gre or 1 ?
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>         wccp2_service standard 0 password=XXXX
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>
> I've also : ip tunnel add wccp0 mode gre remote 10.12.1.1 local
10.12.12.200 dev ens32
>
> I received packet WCCP "Are you here - I see you..."
>
> But i can't access on web with my client if Squid server is UP and my
access.log file stay empty... Could you help me ?
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>
>
> Best regards,
>
> Maxime Lambert
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXiSLyAAoJENNXIZxhPexGEFcIAMSKBWzRlc4mUQ6OZ2LHchLC
CC2b0q28Kg3U4dnOpM+wrHJaxAt363CTn2LTa7kHGUoKNmOGZqTZgH9KvcxYn2JB
8WYIg6oIdnsdHvWXkcfI99U6dvOCUOylc8u5cNtc6w0k6/p73IBHR9ZCHTTGfvhx
x6UxSrIDHUy448qsQkQwIy6BiO0S+Jt1bmAZ1j8toMB2ikPzNBW24utwWOVutEb3
XIvuebtyNAcYVu6+twCy3/DQKhjHzaaHCYZfPiXLsPtdnXbQD+SOVFNtjuQ0NWjA
9ebnv8FbZpuJL1o3H0F3xCuIJ8PePhbZAARjtP8fDfrIQMjFk01Ve9NvzhBZOcs=
=3Q2B
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160715/ee60b96d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160715/ee60b96d/attachment-0001.key>


More information about the squid-users mailing list