WCCP for https

anujseth1.con
Level 1

I am trying to enable WCCP on a 6509. It works fine on port 80 but not with HTTPS (443).

Also, I have noticed that when I use the following

ip wccp web-cache redirect in

and similarly add it to the interface, HTTP works. But when I use service no. 0 instead of web-cache, even HTTP stops working.

Any help? WCCP v2 is enabled on the switch.

Both the source & the Squid server are in same Vlan.


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You may need a different service number to support HTTPS.  Where I'm at, we use service #70 for HTTPS, and either service #0 or web-cache for HTTP (depends on server).

PS:

https://ironport.custhelp.com/app/answers/detail/a_id/1655

Yes, I have used #70 for HTTPS, but it's not working.

Also to add, when I use #0, HTTP also does not work, but when I use web-cache, HTTP works. Any idea why such behaviour?

Posting

When you perform a sh ip wccp on the WCCP router, do you see a server register for service 70?

I know nothing of Squid, but glancing at its Wiki page for HTTPS (http://wiki.squid-cache.org/Features/HTTPS?highlight=%28faqlisted.yes%29), I see there can be possible issues why it might not work for specific HTTPS flows.

Thanks Joseph. The following is the output:

Router#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                   172.25.27.65
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        77
          Process:                           0
          CEF:                               77
        Redirect access-list:                123
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            11
        Group access-list:                   10
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

    Service Identifier: 70
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        0
          Process:                           0
          CEF:                               0
        Redirect access-list:                123
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   10
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

Also: Added the following lines in the config

ip wccp web-cache redirect-list 123 group-list 10
ip wccp 70 redirect-list 123 group-list 10

And in the interface:

interface Vlan101
 description CANVAS-FE SVI
 ip address 172.25.26.194 255.255.255.192 secondary
 ip address 172.25.26.4 255.255.255.192
 no ip redirects
 ip nat outside
 ip wccp web-cache redirect in
 ip wccp 70 redirect in
 ip pim dense-mode
 ip igmp join-group 230.0.0.1
 standby 1 ip 172.25.26.6
 standby 1 priority 110
 standby 1 preempt
end

The access lists:

Router#sh access-lists 123
Extended IP access list 123
    10 deny ip host 172.25.26.234 any (683 matches)
    20 permit tcp host 172.25.26.51 any eq www (57 matches)
    21 permit tcp host 172.25.26.51 any eq 443
    30 deny ip any any (57858 matches)

Router#sh access-lists 10
Standard IP access list 10
    20 permit 172.25.26.234 (66796 matches)
    10 permit 132.146.1.141
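
Added example, not part of the original thread: a Python check that parses the per-service counters from the sh ip wccp output posted above and classifies each service group, which makes the difference between web-cache and service 70 explicit. The function names and classification labels are assumptions made for this illustration; the sample text is the posted counters, trimmed to the fields the check reads.

```python
import re

# Counters copied from the "sh ip wccp" output in the post, trimmed.
SHOW_IP_WCCP = """\
    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Total Packets s/w Redirected:        77
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            11

    Service Identifier: 70
        Number of Service Group Clients:     1
        Total Packets s/w Redirected:        0
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
"""

def parse_services(text):
    """Return {service_id: {counter_name: int}} from 'show ip wccp' text."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Service Identifier:\s*(\S+)", line)
        if m:
            current = services.setdefault(m.group(1), {})
            continue
        m = re.match(r"\s*(.+?):\s+(\d+)\s*$", line)
        if m and current is not None:  # ignore counters outside a service block
            current[m.group(1)] = int(m.group(2))
    return services

def diagnose(counters):
    """Classify one service group from its counters (labels are illustrative)."""
    clients = counters.get("Number of Service Group Clients", 0)
    redirected = counters.get("Total Packets s/w Redirected", 0)
    denied = counters.get("Total Packets Denied Redirect", 0)
    if clients == 0:
        return "no cache registered"
    if redirected == 0 and denied == 0:
        return "cache registered, no packets redirected or denied"
    if redirected == 0:
        return "cache registered, packets denied by redirect-list"
    return "redirecting"

if __name__ == "__main__":
    for sid, counters in parse_services(SHOW_IP_WCCP).items():
        print(f"service {sid}: {diagnose(counters)}")
```

The counter is labelled s/w (software) redirected, so a zero there is a prompt to compare against the redirect-list match counts (entry 21 of access list 123 shows none) rather than proof on its own.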

Posting

That looks about right.  Assuming it is, issue might be on the Squid side.

Thanks Joseph, I have asked the Squid Team to check the Squid. Will update soon

cadet alain
VIP Alumni

Hi,

Service 0 is for HTTP, not HTTPS; for secure HTTP it is service 70.

Regards.

Alain

Don't forget to rate helpful posts.

I don't know why you are not understanding.

There are two aspects:

For port 80, i.e. HTTP:

When I use web-cache, WCCP works for HTTP, and when I use service no. 0, HTTP stops working.

Also, when I add service no. 70, HTTPS does not work.

I'm not misunderstanding; I just posted my reply, not seeing that someone else had already done the same.

I'm sure you will excuse me for trying to answer your problems, even if after all this seems to be another issue.

Don't forget to rate helpful posts.