Adrian Chadd wrote:
> Didn't someone point out a few weeks ago that Cisco only support wccp redirection on
> the same interface as clients?
I hope so! If so, could someone pipe up again please? I can't find any support for this idea from cisco.
> the ASA is probably (quite rightly, its a firewall!) dropping the packets coming in
> from the DMZ as they're spoofed from another interface it knows about.
>
Actually they are spoofed from an external public address it knows nothing about, but yes, I agree that it's dropping them, and that under normal operation it should do so.
> You may be short of luck; you may have to put the proxy on INSIDE. See if that works.
> I'd offer better advice but I don't have an ASA to actually do testing on..
That works perfectly, but I'd rather not have it there unless I really must. I'd like to exhaust the DMZ solution first.
Received on Thu Dec 20 2007 - 20:44:55 MST
This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST