Showing results for 
Search instead for 
Did you mean: 


WCCP redirection on IPsec tunnels


Branch router is connected to Central Office via IPsec tunnel, on LAN interface there is ip wccp 61 redirect in configured. Where should the ip wccp 62 redirect in be configured - on the physical WAN interface or on the tunnel interface or should I configure ip wccp 61 redirect in and ip wccp 62 redirect out on the router's LAN interface? Can there be some negative impact if redirection is configured on virtual tunnel interface or physical interface with crypto map applied?

Ryan Posey

I have done this on a ton of routers using VTI tunnels with IPSec encryption applied. Works like a charm

Interface Gi0/X

ip wccp 61 redirect in

Interface Tunnel X

ip wccp 62 redirect in

What happens if you put "ip wccp 62 redirect in" on the WAN interface?

Would router be able to see the traffic?

Also isn't it also a valid config to apply "ip wccp 62 redirect out" on the LAN (Gi0/x) interface as well?

Juan Leon
Cisco Employee

Hi regarding this question, you may configure the service 61 out and 62 in on the WAN interface, but need to remember to configure the ip wccp redirect exclude in on the interface where the WAAS appliance is connected to in order to avoid a possible loop. As well remember that the egress ( redirect out) may lead to high CPU utilization on the router since it will get the traffic leaving the router and switch it back in order to perform the inspection for WCCP and to realize if the packet needs to be redirected to WAAS.

This works well, even though Cisco recommends to use redirect 61 in on the LAN interface and 62 in on the WAN interface for a better performance on the router.

Hope this helps.