Barracuda Web Security Gateway

Does the Barracuda Web Filter support WCCP? How would I set that up?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00003305

All Barracuda Web Filter models 410 and above deployed as a WCCPv2 cache engine on firmware versions and above.
A Cisco switch/router with at least one VLAN, WCCPv2, GRE encapsulation, and HASH routing method support.
This solution is not suitable for Cisco ASA.

1.) Create a separate VLAN on the Cisco device with the service.
hostname(config)#interface vlan 101 (new VLAN ID)
hostname(config-if)#ip address
hostname(config-if)#no shutdown
hostname(config)#vlan 101
hostname(config)#interface fa3 (identify the interface for the new VLAN)
hostname(config-if)#switchport mode access (or switchport protected)
hostname(config-if)#switchport access vlan 101 (new VLAN ID)
hostname(config-if)#ip wccp web-cache
hostname(config-if)#ip wccp 80
hostname(config-if)#ip wccp 90
hostname(config-if)#ip wccp 91
hostname(config)#interface vlan 1 (default VLAN)
hostname(config-if)#ip wccp web-cache redirect in
hostname(config-if)#ip wccp 80 redirect in
hostname(config-if)#ip wccp 90 redirect in
hostname(config-if)#ip wccp 91 redirect in

2.) Remember to save your work.

3.) Give the Barracuda an IP address on the same VLAN.
a. Verify that the Barracuda can talk to the Cisco appliance. Use Ping on the Advanced > Troubleshooting tab of the Barracuda Web Filter to verify.
In ping, enter:

4.) Web Filter Setup:
a. Navigate to the Basic > IP Configuration tab.
b. WCCP Router IP:
c. WCCP Router ID IP:
d. Enable WCCP: Yes

5.) Verify that the Cisco and Barracuda are communicating.
a. Navigate to the Advanced > Troubleshooting tab
b. In tcpdump, enter: -i eth1 -n udp port 2048 (on model 610 or higher, use eth2)

6.) Verify that the Cisco can see the Barracuda as a Cache Engine.
hostname(config)#show ip wccp summary
WCCP version 2 enabled, 4 services
Service Clients Routers Assign Redirect Bypass
------- ------- ------- ------ -------- ------
Default routing table (Router Id:
web-cache 1 1 HASH GRE GRE
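
The following Python example, added here and not part of the original Barracuda article, applies the check from step 5 to UDP port 2048 payloads: it reads the 8-byte WCCPv2 header (type, version, length) and confirms that the Web Filter's HERE_I_AM is answered by the router's I_SEE_YOU. The addresses, the zero-filled message bodies, and the names parse_wccp2, handshake_status and make_msg are constructed for illustration.

```python
import struct

# WCCPv2 message types (the protocol runs over UDP port 2048)
WCCP2_TYPES = {10: "HERE_I_AM", 11: "I_SEE_YOU",
               12: "REDIRECT_ASSIGN", 13: "REMOVAL_QUERY"}
WCCP2_VERSION = 0x0200

def parse_wccp2(payload):
    """Return the message name for one UDP payload, or raise ValueError."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte WCCPv2 header")
    msg_type, version, length = struct.unpack("!IHH", payload[:8])
    if version != WCCP2_VERSION:
        raise ValueError("version field is not 0x0200")
    if length > len(payload) - 8:
        raise ValueError("truncated: header announces %d body bytes" % length)
    if msg_type not in WCCP2_TYPES:
        raise ValueError("unknown message type %d" % msg_type)
    return WCCP2_TYPES[msg_type]

def handshake_status(datagrams, filter_ip, router_ip):
    """datagrams: iterable of (source IP, UDP payload) seen on port 2048."""
    hello = reply = False
    for src, payload in datagrams:
        try:
            name = parse_wccp2(payload)
        except ValueError:
            continue  # not a well-formed WCCPv2 message; ignore it
        hello |= (src == filter_ip and name == "HERE_I_AM")
        reply |= (src == router_ip and name == "I_SEE_YOU")
    if hello and reply:
        return "ok"
    if hello:
        return "router silent"
    return "web filter silent"

# Constructed sample data: documentation addresses and zero-filled bodies.
FILTER_IP, ROUTER_IP = "192.0.2.10", "192.0.2.1"

def make_msg(msg_type, body=b"\x00" * 16):
    return struct.pack("!IHH", msg_type, WCCP2_VERSION, len(body)) + body

CAPTURE = [(FILTER_IP, make_msg(10)), (ROUTER_IP, make_msg(11)),
           (FILTER_IP, make_msg(10))]

if __name__ == "__main__":
    print(handshake_status(CAPTURE, FILTER_IP, ROUTER_IP))
```

A result of "router silent" means the Web Filter is announcing itself but no I_SEE_YOU came back, so recheck the ip wccp lines from step 1 and the WCCP Router IP from step 4.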

Additional Notes:
NTLM and Kerberos authentication will NOT work if your Barracuda Web Filter has been set up using WCCP to route traffic. Both mechanisms require that the Barracuda Web Filter be a trusted host in the Windows domain and that it receive traffic directly from the users (as a proxy). In WCCP deployments, the Barracuda Web Filter receives outgoing traffic via the router instead. For this deployment, use LDAP authentication, which can be used in conjunction with the DC Agent.

Also: Make sure to use the Barracuda Web Security Gateway LAN port to connect to your WCCP-enabled router or switch. If you are using the Barracuda Web Security Gateway 1010 or 1011, you must use the LAN1 port.
