cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1170
Views
0
Helpful
7
Replies

WCCP breaks Application Traffic

ankit_parikh
Level 1
Level 1

Hello Friends,

I have setup a test WAAS setup. The remote site connects to the main site through a site-to-site VPN connection. Cisco 1841 router is doing WCCP redirection at the remote end without any access lists. So all the traffic is being intercepted. I have set it up as explained in the WAAS quick config guide. File services are working fine but email, http and citrix traffic is being blocked somewhere in the network. This means WAFS is working but application acceleration is not at all working.. When I disable WCCP, everything works.

What am I doing wrong here?

thanks

Ankit

1 Accepted Solution

Accepted Solutions

Ankit,

Per Cisco the

Minimum Recommended Versions (IOS Routing Platforms) for WCCP w/ WAAS are

M Train

12.4(10)

T Train

12.4(9)T1

You might want to try upgrading your IOS to 12.4(10) or the T train if possible. I would start there.

Found these caveats on 12.4 code

?CSCuk61396

Symptoms: WCCP service redirection may not work. In particular, packets that are rejected by a third-party vendor appliance device and are returned to the router for normal forwarding may be discarded.

Conditions: This symptom is observed on a Cisco router when NAT or Cisco IOS Firewall features are enabled on the same interfaces that have WCCP enabled.

Workaround: There is no workaround.

HTH

Mike

View solution in original post

7 Replies 7

mlouis
Level 1
Level 1

Ankit,

It sounds like you might have a routing loop. Does this DOS on application traffic affect pings as well or is it just tcp application traffic that is affected? Where are you applying redirect statements at the remote site and at the core?

Can you post a drawing of your traffic flow between client and server and configs if possible?

As a general rule i always use redirect ACLs to prevent certain traffic - TACACs for example from getting looped in HA routing scenarios. All depends on your topology though.

Hi Michael,

My access lists are just permitting tcp traffic to and from that remote site. I can VNC to a machine on that site but my session doesn't last longer than a few seconds.

I changed my application policies to bypass email,http and vnc traffic and things started working fine. But this destroys the purpose of application acceleration, doesn't it?

Then I tried running PBR as opposed to WCCP version2 and guess what, everything worked using the same access-list I had. Which is why is said WCCP breaks application traffic.

I posted this query more than 15 days ago and no one seemed to reply. Luckily, I happened to figure out a solution and since you took the effort to reply to my post I thought I would share it with you.

thanks for your reply

Ankit

What versions of IOS are you using? I know there are issues with earlier revs that could cause issues.

Are you dual homing your WAEs anywhere in the topology? Are the WAEs on seperate ip subnets at each site or on the same subnet where the clients are located?

Hi Michael,

The WAE's are sitting on a separate subnet at each site. I read the requirements for WAAS setup which mentions having a separate subnet for the WAE.

IOS version on the 1841 router:

Version 12.4(1a), RELEASE SOFTWARE (fc2)

Ankit

Ankit,

Per Cisco the

Minimum Recommended Versions (IOS Routing Platforms) for WCCP w/ WAAS are

M Train

12.4(10)

T Train

12.4(9)T1

You might want to try upgrading your IOS to 12.4(10) or the T train if possible. I would start there.

Found these caveats on 12.4 code

?CSCuk61396

Symptoms: WCCP service redirection may not work. In particular, packets that are rejected by a third-party vendor appliance device and are returned to the router for normal forwarding may be discarded.

Conditions: This symptom is observed on a Cisco router when NAT or Cisco IOS Firewall features are enabled on the same interfaces that have WCCP enabled.

Workaround: There is no workaround.

HTH

Mike

Hi Mike,

I tried the same config on a 1841 router with IOS Version 12.4(11)T. Everything works as normal. Thanks for your help.

cheers

Ankit

Awesome :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: