Solved: Re: Squid ans WCCP on asa - no redirection after squid restart

seibertmedia · ‎09-30-2009

Hello,

i've configured squid 3.0 with wccp to asa5510 SW: 8.2.

All is working, but when the squid is down, the asa stops redirecting packets to it. Thats fine, but when i start the squid again, it's reregistering at the asa and it is marked as usable, but the redirection isn't enabled:

show wccp web

Global WCCP information:

Router information:

Router Identifier: $external-ip

Protocol Version: 2.0

Service Identifier: web-cache

Number of Cache Engines: 1

Number of routers: 1

Total Packets Redirected: 4309554

Redirect access-list: wccp_redirect

Total Connections Denied Redirect: 12047

Total Packets Unassigned: 11

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

Total Bypassed Packets Received: 0

show wccp web det

WCCP Cache-Engine information:

Web Cache ID: $proxy-ip

Protocol Version: 2.0

State: Usable

Initial Hash Info: 00000000000000000000000000000000

00000000000000000000000000000000

Assigned Hash Info:

00000000000000000000000000000000

Hash Allotment: 256 (100.00%)

Packets Redirected: 4323358

Connect Time: 15:28:01

disabling wccp and reenabling on the asa solves the problem.

But shouldn't it work automatically?

Any suggestions?

Thanks,

Tom

plearmouth · ‎10-21-2009

see bug CSCsy82260 fixed in 8.2.1.10 - TAC provided an excellent turn around to the case.

Paul

View solution in original post

whattaneguiconsul · ‎10-05-2009

Hello,

from my point of view ... if it works disabling wccp and re-enabling on ASA ( it seems that configuration is OK ) ... maybe you need to debug wccp when it happens.

I have a PIX 8.0.4 working OK with WCCP ( squid 3.0 ). When squid goes down PIX stops redirect. And when squid becomes available ... pIX automatically starts redirecting.

Please, can you post the config of ASA and squid?

Are you using GRE tunnel or ip_wccp module on your squid ?

Needed commands to verify all :

sh run on ASA.

sh wccp web-cache detail ( when issue happens )

Linux box :

[root@proxy ~]# iptables -t nat -n -L

[root@proxy ~]# lsmod | grep wccp

ip_wccp 7040 0

[root@proxy ~]# cat /etc/squid/squid.conf | grep '.' | grep -v "#"

Regards

plearmouth · ‎10-16-2009

hi

I have an ASA 8.2.1 with WCCP to two Ironports appliances and was just about to ask the exact same question in this forum. The problem existed in 8.1 and I had hoped that 8.2.1 would resolve it.

Everything appears to be up and useable (after an outage) but no traffic is redirected. Remove and add again and it magically works again.

A bug I think.

Paul

seibertmedia · ‎10-16-2009

Interesting, so it doesn't seem to be a squid problem. Perhaps, you can open an tac, the ironport appliances should be supported, i think. I'm not sure, how it is with a squid.

Tom

plearmouth · ‎10-16-2009

Tom

No I think it IS a cisco ASA issue - not IRONPORT or SQUID as the problem you describe is exactly the same for me with different caches.

Paul

plearmouth · ‎10-21-2009

see bug CSCsy82260 fixed in 8.2.1.10 - TAC provided an excellent turn around to the case.

Paul

seibertmedia · ‎11-04-2009

I installed the new software and now it works.

Many thanks for the link.

But the workaround is much to complex

a simple

wccp interface inside redirect in

also will reactivate the redirection.