Transparent Handling Tab

Path: Cache > Transparent Handling

Figure 103

The Transparent Handling tab lets you configure the appliance as a transparent proxy server. It lets you specify which ports and IP addresses the appliance listens on for transparent requests.

Enable Transparent Client Acceleration (Transparent Proxy - L4 Switch Support): Enables the appliance to handle transparent proxy services. You must also check the IP addresses for this service in Cache > Client Accelerator > the Proxy IP Addresses list.

Proxy Ports: The ports from which the appliance receives transparent proxy requests and sends requested data back to the requesting browsers.

Exception IP Addresses: A list of origin server IP addresses. Browser requests to these addresses will bypass Excelerator's transparent handling service and be sent directly to the origin server.

Proxy IP Addresses: The addresses that are enabled for transparent proxy services and to which HTTP requests are forwarded by the L4 switch, WCCP-capable router, or appliance internal router.

IMPORTANT: Two restrictions apply:

You cannot configure a transparent proxy service on an IP address assigned to a card that has the Dynamic option set for NAT. NAT and transparent proxy cannot coexist on the same card.
You must not enable more than one address on each network card for transparent proxy services.

Router Options: Enables the appliance to act as a router. The appliance provides basic routing without additional configuration. For information about setting up alternate routes and so on, see Router Options Dialog Box.

Enable Access Control: <>. For details, see Access Control Options Dialog Box.

Enable WCCP: Enables WCCP-capable routers to route HTTP requests to the appliance. You must also select the version of WCCP used by the routers and configure WCCP options so that routers can recognize the appliance and know how to work with it. For more information, see WCCP Version 1.0 Options Dialog Box and WCCP Version 2.0 Options Dialog Box.

Enable Authentication: Checking this box causes the appliance to require authentication of users wanting to use its transparent proxy services. Click Authentication to display the Add Authentication Profiles dialog box. For more information, see Add Authentication Profiles Dialog Box.

SSL Listening Port: The port on which the appliance listens for authentication requests.

IMPORTANT: Excelerator requires each service (including authentication) to use a unique IP address and port combination. The default authentication port is 443. Attempts to enable authentication for more than one service on the same IP address and port will result in a TCP bind error.
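
The two Proxy IP Addresses restrictions and the unique IP address and port requirement above can be checked against an inventory before the settings are applied. The following is an added example, not part of the product or its documentation; the inventory layout, card names, and service names are hypothetical.

```python
from collections import defaultdict

# Constructed inventory (hypothetical card and service names).
SAMPLE_CARDS = {
    "card1": {"nat_dynamic": False, "addresses": ["10.1.1.5", "10.1.1.6"]},
    "card2": {"nat_dynamic": True, "addresses": ["10.2.2.5"]},
}
SAMPLE_LISTENERS = [
    {"name": "transparent-a", "ip": "10.1.1.5", "port": 80, "transparent": True},
    {"name": "transparent-b", "ip": "10.1.1.6", "port": 80, "transparent": True},
    {"name": "transparent-c", "ip": "10.2.2.5", "port": 80, "transparent": True},
    {"name": "transparent-auth", "ip": "10.1.1.5", "port": 443, "transparent": False},
    {"name": "accelerator-auth", "ip": "10.1.1.5", "port": 443, "transparent": False},
]


def check_transparent_config(cards, listeners):
    """Return violations of the restrictions stated on this page."""
    problems = []
    card_of = {ip: name for name, c in cards.items() for ip in c["addresses"]}

    # Per-card rules: no Dynamic NAT, at most one transparent proxy address.
    per_card = defaultdict(set)
    for entry in listeners:
        if entry["transparent"]:
            if entry["ip"] not in card_of:
                problems.append(f"{entry['name']}: {entry['ip']} is not on any card")
                continue
            per_card[card_of[entry["ip"]]].add(entry["ip"])
    for card, ips in sorted(per_card.items()):
        if cards[card]["nat_dynamic"]:
            problems.append(f"{card}: transparent proxy on a card with Dynamic NAT")
        if len(ips) > 1:
            problems.append(f"{card}: {len(ips)} transparent proxy addresses enabled")

    # Each service needs a unique IP address and port, or the bind fails.
    claimed = defaultdict(list)
    for entry in listeners:
        claimed[(entry["ip"], entry["port"])].append(entry["name"])
    for (ip, port), names in sorted(claimed.items()):
        if len(names) > 1:
            problems.append(f"{ip}:{port} claimed by {', '.join(names)}")
    return problems
```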

Certificate: Drop-down list that displays any certificate you have stored on your appliance. System-generated certificates do not appear in the list.

Use this field to select the certificate you created specifically for the appliance's transparent services. This will prevent browsers from receiving certificate confirmation messages each time they access the appliance. For more information, see Managing Appliance Certificates.

Error Handling Method: Lets you select a method for handling origin server error pages. You can have the appliance send a cache error to the browser, reset the connection with the browser, or transparently pass through the message from the origin server.

Enable X-Forwarded-For: Headers used to pass browser ID information along with browser request packets. If the headers are included, Web servers can determine the origin of browser requests they receive. If the headers are not included, browser requests have anonymity.

Checking the X-Forwarded-For option causes the appliance to either add information to an existing X-Forwarded-For or Forwarded-For header, or to create a header if one doesn't already exist.

Leaving the option unchecked causes the appliance to remove X-Forwarded-For headers from any transparent proxy requests passing through the appliance.

You must weigh the desires of browser users to remain anonymous against the desires of Web server owners (e-commerce sites, for example) to collect data about who is accessing their site.
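
The checked and unchecked behavior described above, modeled as an added example that is not the appliance's own code. The comma-joined append format and the identical treatment of Forwarded-For when stripping are assumptions; the sample request is constructed. The second function shows why an origin server should rely only on the entry the proxy itself wrote.

```python
XFF_NAMES = {"x-forwarded-for", "forwarded-for"}

# Constructed request: the browser already sent an X-Forwarded-For value.
SAMPLE_HEADERS = [("Host", "shop.example"), ("X-Forwarded-For", "203.0.113.9")]
SAMPLE_CLIENT_IP = "198.51.100.7"


def apply_xff_option(headers, client_ip, enabled):
    """Return the request headers as forwarded to the origin server.

    headers   -- list of (name, value) tuples from the browser request
    client_ip -- source address of the connection the appliance accepted
    enabled   -- state of the Enable X-Forwarded-For check box
    """
    if not enabled:
        # Unchecked: remove the headers so the request stays anonymous.
        # (Forwarded-For is stripped as well here; that is an assumption.)
        return [(n, v) for n, v in headers if n.lower() not in XFF_NAMES]

    out, appended = [], False
    for name, value in headers:
        if name.lower() in XFF_NAMES and not appended:
            # Checked, header present: add this hop to the existing value.
            out.append((name, f"{value}, {client_ip}"))
            appended = True
        else:
            out.append((name, value))
    if not appended:
        # Checked, header absent: create it.
        out.append(("X-Forwarded-For", client_ip))
    return out


def trusted_client_ip(headers):
    """Origin-side reading: only the last entry was written by the proxy;
    anything before it arrived with the request and is unverified."""
    for name, value in headers:
        if name.lower() in XFF_NAMES:
            return value.split(",")[-1].strip()
    return None
```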

Enable Logging for Transparent Handling: Enables logging of transparent activity.

Log Options: Lets you specify how often new log files are started and how long log files are retained. See Using Appliance Logging Services and Log Options Dialog Box.

Enable Custom Cache Control Header: Lets you enable the caching of objects on the appliance while preventing caching by requesting browsers.

Custom cache control headers are designed primarily to be used in Web server accelerators. However, very large hosting sites sometimes prefer to place forward or transparent accelerators in front of their server farms rather than creating hundreds or even thousands of Web server accelerator services.

For details on how the headers work, see Custom Cache Control Header Dialog Box.

Allow HTTP CONNECT Method: Lets you enable the transparent proxy service to use the HTTP CONNECT method. For details, see Managing HTTP CONNECT Method Support.

Allow Only SSL CONNECT Traffic: Lets you have Excelerator check to ensure that HTTP CONNECT requests to the transparent service contain SSL-related traffic. For details, see Managing HTTP CONNECT Method Support.

Advanced Options: Lets you control the TCP receive window size for cache device fills from origin Web servers, the caching of objects on the cache device that would not normally be cached, and the filling and vending of browser no-cache requests by the cache device. For details, see Advanced Options (Tuning) Dialog Box.


WCCP Version 1.0 Options Dialog Box

Path: Cache > Transparent Handling > Enable WCCP > WCCP V1 Options > WCCP Options

Figure 104

The WCCP Version 1.0 Options dialog box lets you configure the appliance to provide configuration information to the router that uses WCCP 1.0. The router can work with multiple appliances, but an appliance can work with only one WCCP 1.0 router.

Proxy Name: Not required for router configuration. This is provided for your reference only. You can use text of any length and content for the name.

Farm Name: Not required for router configuration. This is provided for your reference only. You can use text of any length and content for the name.

WCCP Router: The address of the WCCP-capable router. The appliance uses this address to request that the router route HTTP traffic to the appliance.

WCCP Cache: The address of the transparent proxy service on the appliance. The router routes HTTP traffic to this address.


WCCP Version 2.0 Options Dialog Box

Path: Cache > Transparent Handling > Enable WCCP > WCCP V2 Options > WCCP Options

Figure 105

The WCCP Version 2.0 Options dialog box lets you configure the appliance to provide configuration information to the routers that use WCCP 2.0.

Cisco recommends that you use IOS 12.05t or later for WCCP 2.0 to work as planned.

Cache IP Address: The address of a transparent proxy service on the appliance. The router routes HTTP traffic to this address. This address should also be the appliance's main connection to the Internet.

WCCP Router Connection: Option used to specify how the router and appliance are connected:

Use Unicast: Option which causes the appliance to communicate with the configured WCCP 2.0 routers using UDP packets and enables the WCCP Router Addresses list.

WCCP Router Addresses: The addresses of one or more WCCP-capable routers. The appliance uses these addresses to request that the routers route HTTP traffic to the appliance.

Use Multicast: Option which causes the appliance to use multicast packets for requesting that WCCP 2.0 routers route traffic to the appliance.

Multicast Address: Multicast address for your network. The appliance verifies that the address is valid when you click OK.

Enable Web-Cache Service (Port 80 Only): Checking this option causes the appliance to register with the WCCP-capable routers for receiving port 80 transparent proxy traffic.

Password: If you enter a password, the appliance signs WCCP version 2 communication packets with an MD5 hash or "signature" of the password you enter. The valid string range is one to seven characters.

Enable Custom-Web-Cache Service (Other Transparent Ports): Check this option if your WCCP-capable routers handle transparent proxy traffic on multiple ports.

Service ID: The service ID that Cisco routers use for the multiple port service. Currently, the only valid value is 98.

Password: If you enter a password, the appliance signs WCCP 2.0 communication packets with an MD5 hash or signature of the password you enter. The valid string range is one to seven characters.


Router Options Dialog Box

Path: Cache > Transparent Handling > Router Options

Figure 106

The Router Options dialog box lets you set up static routes and cause the appliance to maintain and use RIP tables.

For an overview of appliance routing capabilities, see Router Capabilities.

Enable RIP: Causes the appliance to use the Routing Information Protocol (RIP) to build and maintain a table of the shortest routes to destinations.

Show Routes: See Routes Dialog Box.

Reset Learned Routes: Causes the RIP table to be cleared. The appliance then begins building the table from scratch.

Default Gateway: The gateway for requests to destinations not covered by host or network gateways.

Host Gateways: Lets you set routing for requests to specific hosts. Packets are checked against these routes first. Packets not routed are then checked against the network gateways table.

Network Gateways: Lets you set routing for requests to specific networks. Packets not fitting the host gateways criteria are checked against the routes in these tables, beginning with the most restrictive routes. Packets not routed are then sent to the default gateway.

For more detail on the fields in this dialog box, see Additional Gateways Dialog Box.
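
The lookup order described for Host Gateways, Network Gateways, and Default Gateway can be reproduced to audit where a given destination would be sent. This is an added example, not the appliance's routing code; "most restrictive" is taken to mean the longest network prefix, and the sample tables are constructed.

```python
import ipaddress

# Constructed routing tables (documentation and private address ranges).
SAMPLE_HOSTS = {"192.0.2.10": "10.0.0.2"}
SAMPLE_NETWORKS = {"192.0.0.0/16": "10.0.0.4", "192.0.2.0/24": "10.0.0.3"}
SAMPLE_DEFAULT = "10.0.0.1"


def select_gateway(dest, host_gateways, network_gateways, default_gateway):
    """Return (gateway, reason) for a destination address.

    host_gateways    -- dict: host IP string -> gateway IP string
    network_gateways -- dict: CIDR string -> gateway IP string
    default_gateway  -- gateway IP string, or None if not configured
    """
    addr = ipaddress.ip_address(dest)

    # 1. Host gateways are checked first.
    for host, gw in host_gateways.items():
        if ipaddress.ip_address(host) == addr:
            return gw, f"host {host}"

    # 2. Network gateways, most restrictive (longest prefix) first.
    nets = sorted(
        ((ipaddress.ip_network(cidr), gw) for cidr, gw in network_gateways.items()),
        key=lambda item: item[0].prefixlen,
        reverse=True,
    )
    for net, gw in nets:
        if addr in net:
            return gw, f"network {net}"

    # 3. Anything still unrouted goes to the default gateway.
    return default_gateway, "default"
```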