11-21-2010 01:48 PM - edited 03-04-2019 10:32 AM
Hi,
I´m trying to config a wccp web-proxy in a ISR 2811 at branch network. I have an Iron Port at Head-Quarter.
The idea is that the users at branch network, transparently forward http traffic to Iron Port at Central-Office and from them go to Internet.
The communication between sites is over DMVPN. I have two GRE tunnels running OSPF.
The Iron Port is configured as wccp v2 transparent redirection with forwarding method L2 or GRE an retunr method as L2 or GRE.
I receive packets on the branch router "Here I Am" but it get a message on debug:
Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 w/bad fwd method L2, received indirectly via Tunnel1
Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 with incompatible capabilites
Nov 21 19:46:07.035 GMT-2: WCCP-PKT:D10: Sending I_See_You packet to 172.16.10.10 w/ rcv_id 0000004F
Is it possible to implement this scenario at this way?
Please, any idea?
Thanks!!
04-14-2011 11:39 AM
I am having the same issue using 871 routers on the remote side. I was able to get WCCP to work intermitently running 12.4(9)t (It would work for a short time and then the redirection would stop and the router would loose the WCCP connection to the IronPort devices.
We have two Iron Port Web filters, one in the 6.X version of code and the other in the 7.1.X code line.
After upgrading to 12.4(24)t5 I get:
WCCP Client information:
WCCP Client ID: xxxx
Protocol Version: 2.0
State: NOT Usable (Protocol not L2 connected)
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 02:26:42
Assignment: MASK
WCCP Client ID: xxxx
Protocol Version: 2.0
State: NOT Usable (Protocol not L2 connected)
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 02:25:09
Assignment: MASK
I too have both L2 or GRE and MASK or HASH configured on the Ironport for the policies that we are using.
I can't switch over to only GRE as we also have some 4500 switches that are connected L2 to the Ironports.
Is there a way to force the router to only talk GRE and HASH, as it looks like this is a capability election issue in IOS for WCCP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide