cancel
Showing results for 
Search instead for 
Did you mean: 
McAfee Employee

WCCP with Multiple Service IDs for Using Different Gateways or Clusters

If you want to have a single router or switch that uses WCCP to two different web gateways or sets of web gateways you can do so with multiple services and redirect lists. This is useful when there is an existing web gateway already using WCCP and the desire is to test a new web gateway on the production network for a subset of clients without disturbing the bulk of the clients.

The following example is for an existing service ID of 90 and a new service ID of 51, internal addresses all in 192.168.0.0/16, McAfee Web Gateway IP address of 192.168.0.222 and original web gateway at 192.168.0.221, you want clients matching 192.168.1.0/24 to use 51 and all other clients to keep using the service ID of 90. Note the first command which is required to properly check both services and access lists and the addition of the “denies” (of the new web gateway and the clients that will use the new service) directly before the permit in the original access list (wccplist1).

ip wccp check services all

ip wccp 90 redirect-list wccplist1     

ip wccp 51 redirect-list wccplist2

ip access-list extend wccplist1

deny host 192.168.0.222

deny host 192.168.0.221

deny ip 192.168.1.0 0.0.0.255 any

permit tcp 192.168.0.0 0.0.255.255 any eq www

deny ip any any

ip access-list extend wccplist2

deny host 192.168.0.222

deny host 192.168.0.221

permit tcp 192.168.1.0 0.0.0.255 any eq www

deny ip any any

The above is an untested example, however a similar configuration has been tested and is operational on 15.0(1)M3, RELEASE SOFTWARE (fc2)

If this or a similar configuration works for you, please comment below with your configuration and version used

0 Kudos