Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S670
11121314151617181920
Table Of Contents
15
Cisco AnyConnect Secure Mobility Solution Guide
Cisco AnyConnect Secure Mobility Solution Guide
Supported Architectures
Architecture Scenario 4, Non-WCCP Router
Figure 4 illustrates the architecture described in this section.
Figure 4 Using WCCP on the ASA
The deployment scenario in Figure 4 illustrates using WCCP on the ASA to
redirect web traffic to the WSA instead of using a WCCP router for traffic
redirection. In the deployment scenarios documented previously, a WCCP router
is used to transparently redirect web traffic to the WSA. You might want to use
this architecture if you do not have a router that is WCCP enabled. Instead, you
can use the WCCP functionality in the ASA to redirect web traffic to the WSA.
You can use any router in this deployment scenario.
With the deployment scenario in Figure 4, the ASA forwards all VPN traffic to its
tunnel default gateway, router A (route inside 0.0.0.0 0.0.0.0 192.168.1.2
255.255.255.0 Tunneled
). Router A then returns VPN web traffic back to the
ASA (
ip route 0.0.0.0 0.0.0.0 192.168.1.1), and forwards non-web traffic
based on its routing table. The ASA then uses WCCP to redirect web traffic to the
WSA for scanning.
Like the architectures discussed previously, the WSA must be configured with a
default route to the Internet gateway to enforce its policies. In addition, the WSA
must be configured with a route (
route 10.10.10.0/8 192.168.1.1) back to the
ASA to return scanned traffic back to the AnyConnect client.