Showing results for 
Search instead for 
Did you mean: 

Squid ans WCCP on asa - no redirection after squid restart



i've configured squid 3.0 with wccp to asa5510 SW: 8.2.

All is working, but when the squid is down, the asa stops redirecting packets to it. Thats fine, but when i start the squid again, it's reregistering at the asa and it is marked as usable, but the redirection isn't enabled:

show wccp web

Global WCCP information:

Router information:

Router Identifier: $external-ip

Protocol Version: 2.0

Service Identifier: web-cache

Number of Cache Engines: 1

Number of routers: 1

Total Packets Redirected: 4309554

Redirect access-list: wccp_redirect

Total Connections Denied Redirect: 12047

Total Packets Unassigned: 11

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

Total Bypassed Packets Received: 0

show wccp web det

WCCP Cache-Engine information:

Web Cache ID: $proxy-ip

Protocol Version: 2.0

State: Usable

Initial Hash Info: 00000000000000000000000000000000


Assigned Hash Info:



Hash Allotment: 256 (100.00%)

Packets Redirected: 4323358

Connect Time: 15:28:01

disabling wccp and reenabling on the asa solves the problem.

But shouldn't it work automatically?

Any suggestions?



1 Accepted Solution

Accepted Solutions

see bug CSCsy82260 fixed in - TAC provided an excellent turn around to the case.


View solution in original post

6 Replies 6


from my point of view ... if it works disabling wccp and re-enabling on ASA ( it seems that configuration is OK ) ... maybe you need to debug wccp when it happens.

I have a PIX 8.0.4 working OK with WCCP ( squid 3.0 ). When squid goes down PIX stops redirect. And when squid becomes available ... pIX automatically starts redirecting.

Please, can you post the config of ASA and squid?

Are you using GRE tunnel or ip_wccp module on your squid ?

Needed commands to verify all :

sh run on ASA.

sh wccp web-cache detail ( when issue happens )

Linux box :

[root@proxy ~]# iptables -t nat -n -L

[root@proxy ~]# lsmod | grep wccp

ip_wccp 7040 0

[root@proxy ~]# cat /etc/squid/squid.conf | grep '.' | grep -v "#"



I have an ASA 8.2.1 with WCCP to two Ironports appliances and was just about to ask the exact same question in this forum. The problem existed in 8.1 and I had hoped that 8.2.1 would resolve it.

Everything appears to be up and useable (after an outage) but no traffic is redirected. Remove and add again and it magically works again.

A bug I think.


Interesting, so it doesn't seem to be a squid problem. Perhaps, you can open an tac, the ironport appliances should be supported, i think. I'm not sure, how it is with a squid.



No I think it IS a cisco ASA issue - not IRONPORT or SQUID as the problem you describe is exactly the same for me with different caches.


see bug CSCsy82260 fixed in - TAC provided an excellent turn around to the case.


I installed the new software and now it works.

Many thanks for the link.

But the workaround is much to complex

a simple

wccp interface inside redirect in

also will reactivate the redirection.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers