10-14-2017 01:03 PM - edited 02-21-2020 06:29 AM
After cleaning up names in many object groups which required the removal of the wccp config lines, I can't put back the wccp config for service groups 0 and 70, I'm receiving the following error:
"ERROR: Can't change redirect-acl, first remove wccp configuration and re-enter with new redirect-acl"
The config has no wccp info left except "wccp 0" and "wccp 70" which can't be removed and means I can't set the redirect lists (these 2 lines appear to be stuck in the config)
Here is the CLI session attempting to confgure the 2 entries:
--
ASA5555X# conf t
ASA5555X(config)# wccp 0 redirect-list WCCP_WS-REDIRECT group-list WCCP_WS-PROXY
ERROR: Can't change redirect-acl, first remove wccp configuration and re-enter with new redirect-acl
ASA5555X(config)# wccp 70 redirect-list WCCP_WS-REDIRECT group-list WCCP_WS-PROXY
ERROR: Can't change redirect-acl, first remove wccp configuration and re-enter with new redirect-acl
ASA5555X(config)#
ASA5555X# sh run | inc wccp
wccp 0
wccp 70
ASA5555X# conf t
ASA5555X(config)# no wccp 0
ASA5555X(config)# no wccp 70
ASA5555X(config)#
ASA5555X# sh run | inc wccp
wccp 0
wccp 70
ASA5555X#
--
Relevant prior wccp confg: (minus the thousands of object group member entries)
--
access-list WCCP_WS-REDIRECT extended deny ip object-group WCCP-REDIRECT_DENY any
access-list WCCP_WS-REDIRECT extended deny ip object-group WCCP-EXCLUDE any
access-list WCCP_WS-REDIRECT extended deny ip any object-group WCCP-LOCAL
access-list WCCP_WS-REDIRECT extended deny ip any object-group WCCP-EXTERNAL_DENY
access-list WCCP_WS-REDIRECT extended permit ip object-group WCCP-REDIRECT any
access-list WCCP_WS-PROXY extended permit ip object PROXY01 any
access-list WCCP_WS-PROXY extended permit ip object PROXY02 any
wccp 0 redirect-list WCCP_WS-REDIRECT group-list WCCP_WS-PROXY
wccp 70 redirect-list WCCP_WS-REDIRECT group-list WCCP_WS-PROXY
wccp interface FW-INT 0 redirect in
wccp interface FW-INT 70 redirect in
--
I have tried from SSH/Console and ASDM but can't get the 2 lines removed, even tried power-cycling.
I can remove the ACLs and the wccp interface commands just fine, but not the wccp 0/70 ones.
Is there some special way WCCP has to be removed after it's activated or is this bugged?
Solved! Go to Solution.
10-16-2017 02:00 PM
The command did not work on the version I was running "9.8(1)" but did work after upgrading to "9.8(2)8"and the lines are now removed.
10-15-2017 01:00 PM
10-16-2017 02:00 PM
The command did not work on the version I was running "9.8(1)" but did work after upgrading to "9.8(2)8"and the lines are now removed.
01-20-2018 09:44 AM - edited 01-20-2018 09:46 AM
Running 9.9(1) here and I can't get the WCCP config to remove/change.
Tried ASDM and CLI/SSH
Funny thing is, I have been doing this all morning, and the moment that I sort of confirmed with Forcepoint the commands I have now are correct, is when it stops letting me modify.
01-20-2018 10:23 AM
Ok, so after running the 'clear wccp config' command, and waiting a couple of minutes it did actually clear out.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide