WCCP over a VPN link.

Unanswered Question
May 4th, 2008

Have an Ironport behind an ASA, the ASA is configured for WCCP on the inside interface and the Ironport does web filtering.

Have some remote sites which have 2811's connecting to the ASA over an ipsec LAN2LAN vpn.

The 2811's have a T1 to the internet, a 16 port switch module, and runs firewall code.

I would like to configure the inside interfaces of the 2811's which are vLAN interfaces, to connect to the Ironport using WCCP for the purpose of web filtering.

I have tried several configurations but the WCCP communication is failing although I do get messages that indicate that the endpoints, the Ironport and the remote 2811's are seeing each others traffic. WCCP event debuging on the 2811 shows the following messages:

*May 2 22:00:11.226: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:00:21.258: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:00:31.214: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**

*May 2 22:00:41.242: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:00:51.278: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:01:01.234: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**

*May 2 22:01:11.258: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:01:21.278: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:01:31.270: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:01:31.286: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**

*May 2 22:01:51.302: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:02:01.290: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:02:11.294: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**

*May 2 22:02:21.298: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

*May 2 22:02:31.334: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000

Turning off WCCP and turning it on again generates these messages:

Router(config)#no ip wccp 254

The WCCP service is now disabled but remains configured on at least one interface.

Router(config)#ip wccp 254

Router(config)#

*May 2 21:56:53.714: WCCP-EVNT:D254: Assignment wait timer started

*May 2 21:56:53.714: WCCP-EVNT:D254: Built new router view: 0 routers, 0 usable WCCP clients, change # 00000001

output of the sho ip wccp command:

Router(config)#do sho ip wccp

Global WCCP information:

Router information:

Router Identifier: -not yet determined-

Protocol Version: 2.0

Service Identifier: 254

Number of Service Group Clients: 0

Number of Service Group Routers: 0

Total Packets s/w Redirected: 0

Process: 0

Fast: 0

CEF: 0

Redirect access-list: -none-

Total Packets Denied Redirect: 0

Total Packets Unassigned: 0

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

Total Bypassed Packets Received: 0

Router(config)#

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aghaznavi Fri, 05/09/2008 - 08:10

The reload may be more apparent when the WCCP control protocol is experiencing some instability: numerous WCCP-1-SERVICELOST, WCCP-5-SERVICEFOUND events

2tramsay Tue, 06/10/2008 - 10:46

I have the exact same problem. Running an 831 with an IPSEC tunnel to a Checkpoint firewall. The Cache device is a Bluecoat SG appliance. I see the same log on my 831 router when I have WCCP configured. Other routers not behind an IPSEC tunnel work fine.

Actions

This Discussion