Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
899
Views
10
Helpful
5
Replies

cisco 3825 wccp /GRE with squid cache box problem !

Dr.X
Level 2
Level 2

‎11-09-2014 07:17 AM - edited ‎03-07-2019 09:26 PM

Hi all

 

im trying to esablish wccp /GRE with tproxy mode  session between router 3825 and squid centos 7.

 

the wccp is up and fine and squid service is ok.

 

the problem is , no traffic is being redirected from the cisco router to the squid box !!

 

 

im wondering , when i do the wccp on cisco and use GRE wccp return/hash/rediect on the squid box ..... do i need to condfigure a tunnel on the router ????

 

wt should be done on the router ??

 

 

here is who version :

Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(18b), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (coffee) 1986-2008 by Cisco Systems, Inc.
Compiled Mon 19-May-08 21:23 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T10, RELEASE SOFTWARE (fc1)

MAEG-Router uptime is 4 weeks, 3 days, 22 hours, 32 minutes
System returned to ROM by power-on
System image file is "flash:c3825-adventerprisek9-mz.124-18b.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3825 (revision 1.2) with 225280K/36864K bytes of memory.
Processor board ID FHK1231F32C
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
62720K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

 

 

 

MAEG-Router#sh ip wccp 
Global WCCP information:
    Router information:
 Router Identifier:                   192.168.10.1
 Protocol Version:                    2.0

    Service Identifier: web-cache
 Number of Service Group Clients:     0
 Number of Service Group Routers:     0
 Total Packets s/w Redirected:        38958
   Process:                           2337
   Fast:                              0
   CEF:                               36621
 Redirect access-list:                -none-
 Total Packets Denied Redirect:       0
 Total Packets Unassigned:            4630
 Group access-list:                   -none-
 Total Messages Denied to Group:      0
 Total Authentication failures:       0
 Total Bypassed Packets Received:     0

    Service Identifier: 80
 Number of Service Group Clients:     1
 Number of Service Group Routers:     1
 Total Packets s/w Redirected:        0
   Process:                           0
   Fast:                              0
   CEF:                               0
 Redirect access-list:                DRVIRUSIN
 Total Packets Denied Redirect:       0
 Total Packets Unassigned:            0
 Group access-list:                   -none-
 Total Messages Denied to Group:      0
 Total Authentication failures:       0
 Total Bypassed Packets Received:     0

    Service Identifier: 90
 Number of Service Group Clients:     1
 Number of Service Group Routers:     1
 Total Packets s/w Redirected:        0
   Process:                           0
   Fast:                              0
   CEF:                               0
 Redirect access-list:                DRVIRUSOUT
 Total Packets Denied Redirect:       0
 Total Packets Unassigned:            0
 Group access-list:                   -none-
 Total Messages Denied to Group:      0
        Total Authentication failures:       0
 Total Bypassed Packets Received:     0

 

 

 

 

 

regards

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎11-09-2014 10:54 AM

My memory of doing WCCP with IOS was that you do not need to configure a tunnel. IOS will automatically create the tunnel.

 

In looking at your output I see it reporting for web cache showing packet counts but no client or router and reporting for service identifier 80 and 90 where it shows client and router but no packet count. I suspect that there is some mismatch in your configuration.

 

HTH

 

Rick

HTH

Rick

Dr.X
Level 2
Level 2
In response to Richard Burts

‎11-09-2014 12:23 PM

Hi Rick , thanks for reply .

 

let me ask you , 

 

now on the router you said GRE tunnle is created automatially ?

 

wt i need to do on the linux box ?

 

you will say GRE tunnle , ok .... GRE tunnel , but for wt ?

 

i do gre tunnel that identify my src ip and the destination ip of the router and wt else ?

 

should i router subnets here in GRE ? or just create tunnel ??

 

here is wt i did for linux box gre config on squid box ...... is wt i did below is suffecitnt for GRE on box ?

 

 #iptunnel add wccp0 mode gre remote (remote ip of router) local (my squid box ip) dev eth0
  #ifconfig wccp0 127.0.1.1/32 up

 

also , how to check the GRE tunnel is ok or not with the cisco router ?

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Dr.X

‎11-09-2014 12:39 PM

Unfortunately I do not know what you need to do on the Linux box. When I configured WCCP I was responsible for the IOS side and someone else was responsible for the cache engine (in my case it was not Squid). So I have little advice for your about what is needed for Linux.

 

When I configured it I did the WCCP configuration. I did not configure anything about GRE tunnels. Not tunnel interface, not tunnel source, not tunnel destination, not tunnel IP. IOS configured what it needed without my doing anything for the tunnel. My memory (it has been quite a while) was that show ip interface brief would show the tunnels. My memory is not clear but I assume that show interface would probably show the tunnel. I do remember that I did not need to be concerned about the tunnels for WCCP. As long as WCCP was working then I could assume that the tunnels were working ok.

 

HTH

 

Rick

HTH

Rick

Dr.X
Level 2
Level 2
In response to Richard Burts

‎11-09-2014 12:55 PM

thank you for all help.

 

let me ask you  , when using WCCP/transparent with tproxy

 

do i need to configure ip wccp web cache  command ???

ip wccp web-cache

as i know its the well know service and not used with tproxy 

 

but i followed an article and found its needed :

http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2

 

 

the second question is

 

i cant see new interfaces when i do :

show ip int b

 

or 

sh tunnels

 

?????

i mean WCCP is up , but i cant see GRE tunnels interfaces or ips for them ???!!!

thanks alot for all time you spent for help agian

 

regards

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Dr.X

‎11-09-2014 06:14 PM

I do not know yet how to answer these questions. Perhaps you could post fresh output of show ip wccp and of show ip interface brief? Perhaps that will help to understand it.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card