Skip to main content

transparent proxy on cisco ASA5510 + squid

More
12 years 10 months ago #37019 by eldo
transparent proxy on cisco ASA5510 + squid was created by eldo
transparent proxy on cisco ASA5510 + squid


Hello,

I have configured transparent proxy on my cisco ASA5510 and also squid on Linux server by
theese manuals:
parvinderbhasin.blogspot.com/2009/06/squ...cisco-asa-setup.html
wiki.squid-cache.org/Features/Wccp2#Squid_box_OS_configuration
readlist.com/lists/squid-cache.org/squid-users/3/16930.html

but always recieved this logs on cisco ASA5510:

4|Jun 01 2011 14:47:40|313005: No matching connection for ICMP error message: icmp src servers:192.168.1.130 dst identity:212.89.229.2 (type 3, code 3) on servers interface. Original IP payload: <unknown>.
3|Jun 01 2011 14:47:40|313001: Denied ICMP type=3, code=3 from 192.168.1.130 on interface servers

when I'm trying to connect from workstation 192.168.1.164 to 194.160.23.22:80

Have you any idea what to do?

##################################################################
My config:

interface Ethernet0/0
nameif outside
security-level 0
ip address 212.89.x.x 255.255.255.x
ospf cost 10

access-list outside-acl-in extended permit icmp any any

interface Ethernet0/1.20
vlan 20
nameif servers
security-level 90
ip address 192.168.1.1 255.255.255.0

access-list servers-acl-in extended permit icmp any any


wccp web-cache
wccp interface servers web-cache redirect in
##################################################################
Debug:

asa5510# sh wccp web-cache

Global WCCP information:
Router information:
Router Identifier: 212.89.x.x - router public IP
Protocol Version: 2.0

Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 0
Redirect access-list: -none-
Total Connections Denied Redirect: 0
Total Packets Unassigned: 8
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0


asa5510# sh wccp web-cache detail

WCCP Cache-Engine information:
Web Cache ID: 192.168.1.130 - my squid
Protocol Version: 2.0
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 2
Connect Time: 00:00:30
##################################################################

Thanks eldo
Time to create page: 0.141 seconds