Has anyone successfully configured 2 or more Web Gateway appliances to use IP Spoofing with WCCP?
We have a bandwidth management appliance that we use in conjunction with our internet connection. It used to be in place between the Firewall and a single Web Gateway appliance in Transparent mode with IP Spoofing enabled. The shaping appliance could see the Client IP addresses and perform shaping based on source subnet. Any traffic between the Web Gateway Appliance and the LAN was not shaped.
We later added a Cisco router to enable WCCP instead of using Transparent Bridge mode, and we also added a second Web Gateway appliance at that time. At that time we started experiencing HTTPS traffic loss to the internet and had to disable IP Spoofing. Disabling IP spoofing forced us to move the Shaping appliance between the LAN and the Cisco Router, which sends traffic to the Web Gateways using WCCP. Now the Web Gateway Appliances have unlimited bandwidth to the internet, so the appliance can download files quickly and scan them, but the download from the appliance to the client is shaped and can be slow at times.
We would like to put our shaping appliance back in its original place, but we cannot figure out how to get IP spoofing to work properly.
Worked on this case and we found that the assignment method was what was causing issues. Hash was being used, which caused the Cisco device to incorrectly route packets back to the Web Gateways (so SYN would hit mwgA, but SYN ACK would come back and hit mwgB). Once we changed the assignment method to mask, everything has been working so far.
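
One way to confirm the symptom described in the reply above (SYN redirected to one gateway, SYN-ACK redirected to the other) before and after changing the assignment method. This is an added example, not part of the original posts; the log format, the sample addresses and the function name `find_split_flows` are assumptions, and flows are matched on the client/server IP pair only.

```python
from collections import defaultdict

# Constructed sample: one line per packet the router redirected to a gateway,
# "gateway src_ip dst_ip flags" (S = SYN, SA = SYN-ACK). The format is an
# assumption, e.g. condensed from captures taken on each appliance.
SAMPLE = """\
mwgA 10.1.1.20 203.0.113.10 S
mwgB 203.0.113.10 10.1.1.20 SA
mwgA 10.1.2.30 203.0.113.10 S
mwgA 203.0.113.10 10.1.2.30 SA
mwgB 10.1.3.40 198.51.100.7 S
"""

def find_split_flows(text):
    """Return (split, unanswered).

    split:      [((client, server), [gateways that got the SYN],
                  [gateways that got the SYN-ACK])] where the return packet
                reached a gateway that never saw the SYN.
    unanswered: [(client, server)] where no SYN-ACK reached any gateway.
    """
    syn_gw = defaultdict(set)     # (client, server) -> gateways that got the SYN
    synack_gw = defaultdict(set)  # (client, server) -> gateways that got the SYN-ACK
    for line in text.splitlines():
        if not line.strip():
            continue
        gw, src, dst, flags = line.split()
        if flags == "S":
            syn_gw[(src, dst)].add(gw)
        elif flags == "SA":
            # With IP spoofing the server replies to the client address,
            # so the return packet is keyed as (dst, src).
            synack_gw[(dst, src)].add(gw)
    split, unanswered = [], []
    for pair, gws in sorted(syn_gw.items()):
        back = synack_gw.get(pair, set())
        if not back:
            unanswered.append(pair)
        elif back - gws:
            split.append((pair, sorted(gws), sorted(back)))
    return split, unanswered

if __name__ == "__main__":
    split, unanswered = find_split_flows(SAMPLE)
    for (client, server), out_gw, back_gw in split:
        print(f"SPLIT {client} -> {server}: SYN on {out_gw}, SYN-ACK on {back_gw}")
    for client, server in unanswered:
        print(f"NO SYN-ACK SEEN {client} -> {server}")
```

An empty `split` list over a representative capture indicates both directions of each flow are landing on the same gateway.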