WEB CACHING Feature in Cisco ASA :-
Web caching is used to reduce latency and the amount of traffic when downloading web content. Assuming a web cache server is deployed, when a user accesses a web site, the content that is downloaded is cached on the cache server. Subsequent requests for the same content are then served from the local cache server instead of being downloaded again from the original server. The Web Cache Communications Protocol (WCCP) allows the security appliances to interact with external web cache and/or filtering servers.
WCCP Process :-
1. The user opens a web page, where the connection (or connections) makes its way to the appliance.
2. The appliance intercepts the web connection request, encapsulates it in a Generic Routing Encapsulation (GRE) packet to prevent modification by intermediate devices, and forwards it to the web cache server.
3. If the content is cached in the server, it responds to the user directly with the content.
4. If the content is not cached in the server, a response is sent to the appliance, and the appliance allows the user’s connection to proceed to the original web server.
Some of the benefits of WCCP include:-
- Users don’t have to change their web browser settings.
- The web caching server can perform optional content filtering.
- Bandwidth is optimized if the content the user is requesting has been previously cached on the web cache server.
- The web cache server can log and report web requests by your users.
WCCP Configuration :- WCCP support is new in version 7.2 of the appliances’ OS. Enabling WCCP redirection of users’ web requests is a two-step process:
- Defining a WCCP server group
- Enabling WCCP on an interface
Defining a WCCP Server Group :- To define the WCCP server group (the web cache servers), use the following command:
ciscoasa(config)# wccp {web-cache | service_number} [redirect-list ACL_ID] [group-list ACL_ID] [password password]
The web-cache parameter causes the appliance to intercept TCP port 80 connections and to redirect the traffic to the web cache servers. You can redirect other protocols, like FTP, by specifying a service number, which ranges from 0 to 254. For example, service 60 represents FTP. The redirect-list parameter controls what traffic is redirected to the service group (defined in an ACL), and the group-list parameter specifies the IP addresses of the web cache servers (defined in a standard ACL). The password parameter specifies the MD5 key used to create and validate the MD5 authentication signatures used by the web cache servers.
Enabling WCCP Redirection on an Interface :-
The second step is to enable WCCP redirection on the interface connected to the users and web cache server(s):
ciscoasa(config)# wccp interface logical_if_name {web-cache | service_number} redirect in
This command needs to be executed for each service number.
NOTE:- WCCP web redirection is only supported inbound on an interface. Likewise, the users and web cache server(s) must be behind the same interface—the appliance won’t take a user’s web request on one interface and redirect to a web cache server on a different interface.
WCCP Verification :-
To verify the operation of WCCP, use the following command:
ciscoasa# show wccp {web-cache | service_number} [detail] [view]
The detail parameter displays information about all the routers and web cache servers; the view parameter displays other members of a particular server group that have or haven’t been detected.
WCCP Configuration Example :- Notice that the users and the web cache server are located off the same interface on the appliance. Here’s the appliance configuration for WCCP:
ciscoasa(config)# wccp web-cache password myMD5password
ciscoasa(config)# wccp interface inside web-cache redirect in
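An added example, not part of the original post: a Python check that reads WCCP lines in the syntax described above (as they appear in a saved configuration, without the CLI prompt) and reports server groups that lack group-list or password, plus mismatches between the two configuration steps. The sample configuration is constructed; its first two lines are the commands from the example above, and the ACL names, the second key and the use of services 60 and 90 are assumptions.

```python
import re

# Server group: wccp {web-cache | service_number} [redirect-list ACL] [group-list ACL] [password PW]
GROUP_RE = re.compile(r"^wccp\s+(web-cache|\d+)\b(.*)$")
# Interface: wccp interface IFNAME {web-cache | service_number} redirect in
IFACE_RE = re.compile(r"^wccp\s+interface\s+(\S+)\s+(web-cache|\d+)\s+redirect\s+in$")
OPTION_RE = re.compile(r"\b(redirect-list|group-list|password)\s+(\S+)")

# Constructed sample. Lines 1-2 are the example commands from this page;
# the ACL names, the second key and the service 60/90 lines are made up.
SAMPLE_CONFIG = """\
wccp web-cache password myMD5password
wccp interface inside web-cache redirect in
wccp 60 redirect-list WCCP-FTP group-list WCCP-CACHES password examplekey
wccp interface inside 90 redirect in
"""


def audit_wccp(config_text):
    """Return sorted (service, finding) tuples for the WCCP lines in config_text."""
    groups, ifaces, findings = {}, [], set()
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            ifaces.append((m.group(1), m.group(2)))
            continue
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = dict(OPTION_RE.findall(m.group(2)))
    for service, opts in groups.items():
        if "group-list" not in opts:
            findings.add((service, "no group-list: cache server addresses are not restricted"))
        if "password" not in opts:
            findings.add((service, "no password: MD5 authentication is not configured"))
        if all(svc != service for _, svc in ifaces):
            findings.add((service, "server group is not enabled on any interface"))
    for ifname, service in ifaces:
        if service not in groups:
            findings.add((service, f"interface {ifname} redirects a service with no server group"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit_wccp(SAMPLE_CONFIG):
        print(f"wccp {service}: {finding}")
```

Run against the example configuration on this page, the check reports that the web-cache group has no group-list, so the server group is not limited to known cache server addresses.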