1043 Views 2 Replies Latest reply: Dec 13, 2012 9:10 AM by wspek RSS
wspek Newcomer 2 posts since
Dec 12, 2012
Dec 12, 2012 9:40 AM

ASA + WCCP + MWG - cannot get it to work

Hi all,


I am trying to configure the following:


  • ASA firewall ( on inside interface, on outside)
  • Windows PC ( behind the inside interface on VLAN 18 (
  • MWG ( behind that same interface on VLAN 18 (
  • WCCP on ASA, so HTTP(S) traffic from PC gets redirected through MWG towards the internet.


I followed these links, and tried to combine them into a working solution:


But I am stuck. My current config on the ASA:


sh run
: Saved

ASA Version 8.0(4)

hostname TestASA
domain-name test.loc
enable password pLtl8QpOvBmee4.r encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

interface Vlan18
 nameif inside
 security-level 100
 ip address

interface Vlan20
 nameif outside
 security-level 0
 ip address

interface Ethernet0/0
 switchport access vlan 20

interface Ethernet0/1
 switchport access vlan 17

interface Ethernet0/2
 switchport access vlan 19

interface Ethernet0/3
 switchport access vlan 18

interface Ethernet0/4

interface Ethernet0/5

interface Ethernet0/6

interface Ethernet0/7

ftp mode passive
dns server-group DefaultDNS
 domain-name test.loc
access-list acl_in extended permit icmp any any echo log
access-list acl_in extended permit icmp any any echo-reply log
access-list acl_in extended permit ip host any
access-list acl_in extended permit ip host any log
access-list acl_out extended permit tcp any any eq www
access-list acl_out extended permit tcp any any eq https
access-list acl_out extended permit tcp any any eq telnet
access-list acl_out extended permit icmp any any echo log
access-list acl_out extended permit icmp any any echo-reply log
access-list acl_out extended permit ip any any log
access-list outside_access_in extended permit ip any any
access-list wccp-servers extended permit ip host any
access-list wccp-traffic extended permit ip any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
access-group acl_in in interface inside
access-group outside_access_in in interface outside
access-group acl_out out interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh inside
ssh inside
ssh outside
ssh outside
ssh outside
ssh outside
ssh outside
ssh outside
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
wccp web-cache redirect-list wccp-traffic group-list wccp-servers
wccp interface inside web-cache redirect in
username woody password 5CZn8bTKqMGMtL01 encrypted

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp

service-policy global_policy global
prompt hostname context

: end



Please see the attached screenshots for my MWG config.


My output of the # debug wccp events command:


WCCP-EVNT:???: Here_I_Am packetfrom no such service (Type: Dynamic,Id: 51)


It seems that I am still missing components. A service? Where and how should I define service 51?


Kind regards
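
An added example, not part of the original post: a Python check that compares the WCCP services an ASA running-config defines with the service IDs the ASA rejects in `debug wccp events` output. The two `wccp` lines are taken from the config above; the address 192.0.2.10 is a constructed placeholder because the post's addresses were stripped, and the regex assumes the message layout shown in the post.

```python
import re

# Constructed sample input: wccp lines from the post, placeholder cache address.
SAMPLE_CONFIG = """\
wccp web-cache redirect-list wccp-traffic group-list wccp-servers
wccp interface inside web-cache redirect in
"""
SAMPLE_DEBUG = """\
WCCP-EVNT:???: Here_I_Am packet from 192.0.2.10 no such service (Type: Dynamic,Id: 51)
"""
WEB_CACHE_ID = 0  # "web-cache" is the standard WCCP service, ID 0

def _service_id(token):
    return WEB_CACHE_ID if token == "web-cache" else int(token)

def configured_services(config):
    """Return (globally defined IDs, {interface: IDs redirected inbound})."""
    defined, redirected = set(), {}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"wccp interface (\S+) (web-cache|\d+) redirect in$", line)
        if m:
            redirected.setdefault(m.group(1), set()).add(_service_id(m.group(2)))
            continue
        m = re.match(r"wccp (web-cache|\d+)(\s|$)", line)
        if m:
            defined.add(_service_id(m.group(1)))
    return defined, redirected

def rejected_services(debug):
    """(type, ID) pairs the ASA refused in Here_I_Am messages."""
    pat = re.compile(
        r"Here_I_Am packet\s*from.*?no such service \(Type: (\w+),\s*Id: (\d+)\)")
    return {(m.group(1), int(m.group(2))) for m in pat.finditer(debug)}

def diagnose(config, debug):
    """List mismatches between announced, defined and redirected services."""
    defined, redirected = configured_services(config)
    findings = []
    for kind, sid in sorted(rejected_services(debug)):
        if sid not in defined:
            findings.append(
                f"cache announces {kind} service {sid}, ASA defines {sorted(defined)}")
    for ifc, ids in redirected.items():
        for sid in sorted(ids - defined):
            findings.append(f"interface {ifc} redirects undefined service {sid}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_CONFIG, SAMPLE_DEBUG)))
```

A finding for service 51 against a config that only defines service 0 means the cache and the ASA are not using the same service ID; redirection cannot start until both sides agree on one.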

