Knowledgebase

Barracuda's award-winning technical support is available 24x7 worldwide.
Your time is valuable, which is why we will always connect you with a live person.


Does the Barracuda Web Filter support WCCP? How would I set that up?

Solution #00003305

Scope:
All Barracuda Web Filter models 410 and above deployed as a WCCPv2 cache engine on firmware versions 6.0.0.009 and above.
A Cisco switch/router with at least one VLAN, WCCPv2, GRE encapsulation, and HASH routing method support.
This solution is not suitable for Cisco ASA.

Answer:
1.) Create a separate VLAN on the Cisco device with the service.
hostname(config)#interface vlan 101 (new VLAN id)
hostname(config-if)#ip address 192.168.1.1 255.255.255.0
hostname(config-if)#no shutdown
hostname(config-if)#exit
hostname(config)#vlan 101
hostname(config)#interface fa3 ( identify the interface for the new VLAN)
hostname(config-if)#switchport mode access ( or switchport protected)
hostname(config-if)#switchport access vlan 101 (new VLAN id)
hostname(config-if)#ip wccp web-cache
hostname(config-if)#ip wccp 80
hostname(config-if)#ip wccp 90
hostname(config-if)#ip wccp 91
hostname(config-if)#exit
hostname(config)#interface vlan 1 ( default vlan)
hostname(config-if)#ip wccp web-cache redirect in
hostname(config-if)#ip wccp 80 redirect in
hostname(config-if)#ip wccp 90 redirect in
hostname(config-if)#ip wccp 91 redirect in
hostname(config-if)#exit

2.) Remember to save your work.

3.) Give the Barracuda an IP address on the same VLAN.
a. Verify that the Barracuda can talk to the Cisco appliance. Use Ping on the Advanced > Troubleshooting tab
of the Barracuda Web Filter to verify.
In ping, enter: 192.168.1.1

4.) Web Filter Setup:
a. Navigate to the Basic > Ip Configuration tab.
b. WCCP Router IP: 192.168.1.1
c. WCCP Router ID IP: 192.168.1.1
d. Enable WCCP: Yes

5.) Verify that the Cisco and Barracuda are communicating.
a. Navigate to the Advanced > Troubleshooting tab
b. In tcpdump enter: -i eth1 ?n udp port 2048 (610 or higher use eth2)

6.) Verify that the Cisco can see the Barracuda as a Cache Engine.
hostname(config)#show ip wccp summary
WCCP version 2 enabled, 4 services
Service Clients Routers Assign Redirect Bypass
------- ------- ------- ------ -------- ------
Default routing table (Router Id: 192.168.1.1):
web-cache 1 1 HASH GRE GRE
80 1 1 HASH GRE GRE
90 1 1 HASH GRE GRE
91 1 1 HASH GRE GRE

Additional Notes:
NTLM and Kerberos Authentication will NOT work if your Barracuda Web Filter has been set up using WCCP to route traffic. NTLM and Kerberos authentication mechanisms require that the Barracuda Web Filter be a trusted host in the Windows Domain and that it receive traffic directly from the users (as a proxy). In WCCP deployments, the Barracuda Web Filter receives outgoing traffic via the Router. The authentication method to use for this deployment would be LDAP and can be used in conjunction with the dc agent.
Also: Make sure to use the Barracuda Web Security Gateway LAN port to connect to your WCCP enabled router or switch. If you are using the Barracuda Web Security Gateway 1010 or 1011, you must use the LAN1 port.


Link to This Page:
http://www.barracuda.com/kb?id=50160000000H9bT