Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
420
Views
0
Helpful
1
Replies

WCCP Redirect Failing

leesutcliffe
Level 1
Level 1

‎10-12-2015 09:38 AM - edited ‎03-11-2019 11:44 PM

Hi, 

I have a setup where by I am using WCCP to redirect traffic to a Riverbed SteelHead. 

This configuration work, traffic initiated from Site A is re-directed the the Steelhead and forwarded to Site B ... so far so good. 

 

My issue is that return traffic at Site B is returning directly - i.e. not via the Steelhead. 

It appears that the ASA is not redirecting return traffic to the Steelhead - even though the access list hit count is incrementing and GRE is up between the ASA and Steelhead:

 

Global WCCP information:
    Router information:
        Router Identifier:                   10.1.1.1
        Protocol Version:                    2.0

    Service Identifier: 61
        Number of Cache Engines:             1
        Number of routers:                   1
        Total Packets Redirected:            0
        Redirect access-list:                wccp-traffic
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   wccp-server
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

 

 

access-list wccp-traffic line 4 extended permit ip host 10.5.5.5 host 10.4.4.4 (hitcnt=57830) 0x7c96b4ef

 

What reason would cause the ASA to not redirect  the return traffic, when the traffic matches the ACL and there is a GRE connection to the Steelhead?

 

Thanks

 

Labels:
0 Helpful
1 Reply 1

Akshay Rastogi
Cisco Employee
Cisco Employee

‎10-12-2015 12:56 PM

Hi,

As per WCCP redirection, WCCP server initiates the connection to the Destination on the behalf of Client.

Now there is no involvement of ASA for return traffic redirected to Initiator. WCCP server directly reply to Initiator. However there is a GRE tunnel between ASA and WCCP server. ASA uses this tunnel to pass Initiator's request to WCCP server. WCCP server now separately initiates connection with Destination as per the original request by Initiator. Whatever reply that comes from Destination would be sent to Initiator directly by WCCP serveR(no involvement of ASA again).

Please share the output of 'show run wccp'.

How you verified if traffic is not coming from WCCP server?

 

Regards,

Akshay Rastogi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card