05-04-2008 02:51 PM
Have an Ironport behind an ASA, the ASA is configured for WCCP on the inside interface and the Ironport does web filtering.
Have some remote sites which have 2811's connecting to the ASA over an ipsec LAN2LAN vpn.
The 2811's have a T1 to the internet, a 16 port switch module, and runs firewall code.
I would like to configure the inside interfaces of the 2811's which are vLAN interfaces, to connect to the Ironport using WCCP for the purpose of web filtering.
I have tried several configurations but the WCCP communication is failing although I do get messages that indicate that the endpoints, the Ironport and the remote 2811's are seeing each others traffic. WCCP event debuging on the 2811 shows the following messages:
*May 2 22:00:11.226: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:00:21.258: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:00:31.214: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**
*May 2 22:00:41.242: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:00:51.278: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:01:01.234: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**
*May 2 22:01:11.258: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:01:21.278: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:01:31.270: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:01:31.286: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**
*May 2 22:01:51.302: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:02:01.290: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:02:11.294: %WCCP-1-SERVICELOST: Service 254 lost on WCCP client **ip of Ironport removed**
*May 2 22:02:21.298: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
*May 2 22:02:31.334: WCCP-EVNT:D254: Here_I_Am packet from **ip of Ironport removed** w/bad rcv_id 00000000
Turning off WCCP and turning it on again generates these messages:
Router(config)#no ip wccp 254
The WCCP service is now disabled but remains configured on at least one interface.
Router(config)#ip wccp 254
Router(config)#
*May 2 21:56:53.714: WCCP-EVNT:D254: Assignment wait timer started
*May 2 21:56:53.714: WCCP-EVNT:D254: Built new router view: 0 routers, 0 usable WCCP clients, change # 00000001
output of the sho ip wccp command:
Router(config)#do sho ip wccp
Global WCCP information:
Router information:
Router Identifier: -not yet determined-
Protocol Version: 2.0
Service Identifier: 254
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
Fast: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Router(config)#
05-09-2008 08:10 AM
The reload may be more apparent when the WCCP control protocol is experiencing some instability: numerous WCCP-1-SERVICELOST, WCCP-5-SERVICEFOUND events
06-10-2008 10:46 AM
I have the exact same problem. Running an 831 with an IPSEC tunnel to a Checkpoint firewall. The Cache device is a Bluecoat SG appliance. I see the same log on my 831 router when I have WCCP configured. Other routers not behind an IPSEC tunnel work fine.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: