Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6686
Views
0
Helpful
2
Replies

WCCP redirect on 4507 to ironport

Justin Westover
Level 1
Level 1

‎06-17-2012 06:26 PM

I am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out what I'm doing wrong here!

ip wccp web-cache group-list IRONPORT-GROUPLIST

ip wccp source-interface GigabitEthernet2/24

!

Interface Vlan160

ip address 10.10.16.1 255.255.254.0

ip wccp web-cache redirect out

!

ip access-list IRONPORT-GROUPLIST

permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)

On the ironport I setup web-cache under transparent redirection and provided the IP address I used to source from above (GigabitEthernet2/24). Here is the output I get on the 4507:

10CSW-LAN1#sh ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier:                   10.11.1.9
        Configured source-interface:         GigabitEthernet2/24
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets Redirected:            0
          Process:                           0
          CEF:                               0
          Platform:                          0
        Service mode:                        Open
        Service Access-list:                 -none-
        Total Packets Dropped Closed:        0
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   IRONPORT_GROUPLIST
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total GRE Bypassed Packets Received: 0
          Process:                           0
          CEF:                               0
          Platform:                          0

                 

Here is the debug output:

2w3d: WCCP-EVNT:Process: Start V2 (138)

2w3d: WCCP-EVNT:Successfully opened UDP socket

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers

2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate

2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10

2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80

2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)

2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10

10CSW-LAN1(config)#

2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)

2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)

2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)

2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: setting up wc mask assignments

2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)

2w3d: WCCP-EVNT:S0: copy blank current info

2w3d: WCCP-EVNT:S0: Assignment wait timer stopped

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4

10CSW-LAN1(config)#

2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5

2w3d: WCCP-EVNT:Process: Start V2 (138)

2w3d: WCCP-EVNT:Successfully opened UDP socket

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers

2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate

2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10

2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80

2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)

2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10

10CSW-LAN1(config)#

2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)

2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)

2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)

2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: setting up wc mask assignments

2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)

2w3d: WCCP-EVNT:S0: copy blank current info

2w3d: WCCP-EVNT:S0: Assignment wait timer stopped

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4

10CSW-LAN1(config)#

2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5

Labels:
0 Helpful
2 Replies 2

Christian Rahl
Level 1
Level 1

‎06-18-2012 06:36 AM

I would recommend doing the following. Also feel free to call into the ironport support line. It is listed at the bottom of the page.

  • Change the wccp service to service-number 90
  • Try to redirect inbound traffic not outbound traffic.
  • Set Load-balancing to mask
  • Set forward method to L2
  • Set return method to L2

ip wccp 90 group-list IRONPORT-GROUPLIST  <- Set the wccp service-number

ip wccp source-interface GigabitEthernet2/24

!

Interface Vlan160

ip address 10.10.16.1 255.255.254.0

ip wccp 90 redirect out  <- Set the WCCP Service-number try to redirect inbound traffic

!

ip access-list IRONPORT-GROUPLIST

permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)

Below is an example of how you should setup your ironport for a customer service number. Place the port numbers that you want to redirect.

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport: 1-877-641-IRON (4766)

0 Helpful

c.spescha
Level 1
Level 1

‎06-18-2012 03:41 PM

hi

I have the same setup, and it works.

--> sh ip wccp web-cache detail

are you using GRE or L2?

regards

Claudio

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents