03-16-2015 10:44 AM
Issue with Ironport S170 and C1801 router (using WCCP).
Hello,
We had a C1841 router (rtr-h001952) in between our firewall and core C1801 router (rtr-h001630), which basically acted as another hop between rtr-h001630 and our internet gateway (firewall). rtr-h001952 was running WCCP on its outbound interface. rtr-h001952 recently died, so we removed it and updated the config on rtr-h001630 to directly use the firewall as its default gateway. We also added the WCCP duties to rtr-h001630's outbound interface. In my mind, I thought this would 'plug the gap' sufficiently.
Everything seems fine with WCCP, all computers on the network transparently authenticate and transparently have ports 80/443 redirected to the Ironport, except for one thing: Any device we add to Ironport's bypass list doesn't reach the internet.
The Ironport, rtr-h001630 and firewall have been rebooted. ARP caches have been cleared on switches, but all to no avail. All ACLs and WCCP configs have been triple-checked. Everything seems right (based on many, many hours of Googling for suggestions, guides etc.).
I have tested the paths to and from everything I can think of. All routes trace exactly as I would expect them to.
However, despite all this, if I add a device to Ironport's bypass list, the firewall never sees the traffic. I have run a packet trace on Ironport, and I can see it receiving the HTTP request, but it's not clear (to me, anyway) why it's not working from there. All I know at this point is that Ironport acknowledges that it should 'bypass' it, but the firewall never appears to see any request against the target HTTP destination.
I am attaching two images, one where the rtr-h001952 was in place, and the more recent one with it removed from the network.
Any suggestions on what I'm stupidly overlooking, or where best to start troubleshooting this issue would be greatly appreciated!
Thank you!
Elliot
03-17-2015 11:02 AM
Well, for anyone who comes across this same issue in the future...
We found the fix to be the removal of the group-list from the WCCP configuration.
So, for instance, on our C1801 router, we replaced:
ip wccp 99 redirect-list host-filter group-list wccp-devices password xXxXx
with
ip wccp 99 redirect-list host-filter password xXxXx
Once WCCP was restarted etc., all the devices on the Ironport's bypass list seemed to pass through fine. Doesn't make sense to me, but this is what worked!
Cheers.
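As an added example for this thread (editor's code, not part of Elliot's posts and not Cisco tooling), here is a small Python audit of `ip wccp` lines that makes the trade-off in the fix above visible. In the IOS syntax `ip wccp {web-cache | service} [accelerated] [group-address A] [redirect-list ACL] [group-list ACL] [password [0|7] PW]`, `group-list` is the ACL that decides which cache engines may register with the service group, `password` authenticates the WCCP protocol messages, and `redirect-list` limits which client traffic gets redirected; dropping `group-list` therefore leaves the password as the only control on who can join the group. Accepting the optional keywords in any order is an assumption made here for robustness; the sample lines are the two quoted in the post plus one constructed line with no password.

```python
"""Audit 'ip wccp' service definitions from a Cisco IOS running-config.

Added example for this thread; it is not Elliot's tooling or Cisco code.
It parses lines of the documented form
  ip wccp {web-cache | <n>} [accelerated] [group-address A]
          [redirect-list ACL] [group-list ACL] [password [0|7] PW]
and reports which controls each service group still has. Accepting the
optional keywords in any order is an assumption made here.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two lines quoted in the post, plus a made-up
# 'web-cache' service with neither group-list nor password for contrast.
BEFORE = "ip wccp 99 redirect-list host-filter group-list wccp-devices password xXxXx"
AFTER = "ip wccp 99 redirect-list host-filter password xXxXx"
SAMPLE_CONFIG = """\
ip wccp version 2
ip wccp 99 redirect-list host-filter password xXxXx
ip wccp web-cache redirect-list host-filter
"""


@dataclass
class WccpService:
    service: str
    accelerated: bool = False
    group_address: Optional[str] = None
    redirect_list: Optional[str] = None
    group_list: Optional[str] = None
    password: Optional[str] = None


def parse_wccp_line(line: str) -> Optional[WccpService]:
    """Return the parsed service, or None for unrelated lines and for
    non-service 'ip wccp' forms such as 'ip wccp version 2'."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[:2] != ["ip", "wccp"]:
        return None
    name = tokens[2]
    if name != "web-cache" and not name.isdigit():
        return None
    svc = WccpService(service=name)
    i = 3
    while i < len(tokens):
        kw = tokens[i]
        if kw == "accelerated":
            svc.accelerated = True
            i += 1
        elif kw in ("group-address", "redirect-list", "group-list") and i + 1 < len(tokens):
            setattr(svc, kw.replace("-", "_"), tokens[i + 1])
            i += 2
        elif kw == "password" and i + 1 < len(tokens):
            # An optional encryption-type digit (0 plain, 7 obfuscated) may precede the string.
            if tokens[i + 1] in ("0", "7") and i + 2 < len(tokens):
                svc.password = tokens[i + 2]
                i += 3
            else:
                svc.password = tokens[i + 1]
                i += 2
        else:
            raise ValueError(f"unexpected token {kw!r} in: {line}")
    return svc


def audit_service(svc: WccpService) -> list[str]:
    """Name the controls a service group lacks: group-list restricts which
    cache engines may join, password authenticates WCCP messages, and
    redirect-list limits which client traffic is redirected."""
    findings = []
    if svc.group_list is None:
        findings.append("no group-list: any cache engine that presents the "
                        "password can register with the service group")
    if svc.password is None:
        findings.append("no password: WCCP protocol messages are not authenticated")
    if svc.redirect_list is None:
        findings.append("no redirect-list: all matching traffic on WCCP interfaces is redirected")
    return findings


def audit_config(text: str) -> list[tuple[str, list[str]]]:
    """Audit every service line in a config blob; returns (service, findings) pairs."""
    results = []
    for line in text.splitlines():
        svc = parse_wccp_line(line)
        if svc is not None:
            results.append((svc.service, audit_service(svc)))
    return results


def diff_services(old: str, new: str) -> dict[str, tuple]:
    """Fields that differ between two 'ip wccp' lines, as field -> (old, new)."""
    a, b = parse_wccp_line(old), parse_wccp_line(new)
    if a is None or b is None:
        raise ValueError("both lines must define a WCCP service")
    return {k: (getattr(a, k), getattr(b, k)) for k in vars(a) if getattr(a, k) != getattr(b, k)}


if __name__ == "__main__":
    print("changed by the fix:", diff_services(BEFORE, AFTER))
    for service, findings in audit_config(SAMPLE_CONFIG):
        print(f"service {service}:", findings or ["all three controls present"])
```

Running it against the two quoted lines shows the only field that changed is `group_list` (`wccp-devices` to none), which is why the audit flags service 99 after the fix: the router will now accept a registration from any cache engine that knows the service password. Whether that is acceptable depends on who can reach the WCCP-enabled interface, which is the check worth doing alongside the fix.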