Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Enabling WCCP processing for a service group
Help | Content Gateway | Version 8.1.x
For each WCCP v2 service group that you configure, you must enable WCCP processing.
WCCP v2 routers contain multiple network interfaces, including:
*
*
*
Following are some guidelines for enabling WCCP processing for a service group on a router. Consult the procedures in your router documentation for specifics.
1.
ip wccp <service group ID> password [0-7] <passwd>
2.
 
Note 
The following are examples. Be sure to substitute the service group IDs that you have established on your router(s).
First, select the interface to configure:
interface <type> <number>
Second, establish your redirection rules:
ip wccp <service group ID> redirect in
Examples for inbound redirection:
Run these commands for each protocol that you want to support, but only on the interface(s) dedicated to inbound (ingress) traffic.
For example, to turn on redirection of HTTP destination port traffic, enter:
ip wccp 0 redirect in
To turn on redirection of HTTPS destination port traffic:
ip wccp 70 redirect in
To turn on redirection of FTP destination port traffic enter:
ip wccp 5 redirect in
To turn on redirection of HTTP source port traffic, which is required for IP spoofing, enter:
ip wccp 20 redirect in
Examples for outbound (egress) redirection:
Run these commands for each protocol that you want to support, but only on the interface(s) dedicated to outbound (egress) traffic.
First, select the interface to configure:
interface <type> <number>
Second, establish your redirection rules:
ip wccp <service group ID> redirect out
For example, to turn on redirection for HTTP, enter:
ip wccp 0 redirect out
To turn on redirection for HTTPS:
ip wccp 70 redirect out
To turn on redirection for FTP enter:
ip wccp 5 redirect out
3.
IMPORTANT: When ARM dynamic or static bypass is enabled, or IP spoofing is enabled, and redirection is on the outbound (egress) interface, exclude redirection of Content Gateway outbound packets on the router interface that handles Content Gateway's egress traffic. See the illustration, below.
a.
interface <type> <number>
b.
ip wccp redirect exclude in
When ARM bypass occurs, or IP spoofing is enabled, the proxy sends traffic to the Internet with the original source IP address. The "redirect exclude in" command prevents the router from looping the traffic back to Content Gateway.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2016 Forcepoint LLC. All rights reserved.