05-05-2008 10:27 PM
We have two routers running the same IOS version in our core - c7200-is-mz.123-10a.bin. One terminates a number of tunnels and the other has a number of dialer interfaces associated with an ISDN PRI. Each of our site routers has a tunnel going to the core (via an ADSL connection) and a backup ISDN interface with a dialer configured. When we are running on the primary links everything works fine. When we are running on the backup links (the ISDN) WCCP redirection seems to prevent clients from accessing services on TCP in the core (I can telnet to the core ISDN router from a PC on site, but can't access anything else). Ping always works fine - hence my suspicions about WCCP. If I disable WCCP on the core router with the ISDN links backup connections work fine.
Our remote routers use c2800nm-advsecurityk9-mz.124-11.T4.bin.
My question is - is there any issue with WCCP redirection and dialer interfaces?
Below is the relevant config for the routers that don't work (addresses, names and numbers have been sanitized.
corerouter#
ip wccp 61
ip wccp 62
interface Dialer183
description Backup DoD for remote site
bandwidth 64
ip address 192.168.1.1 255.255.255.252
ip wccp 61 redirect out
ip wccp 62 redirect in
encapsulation ppp
dialer pool 2
dialer remote-name siterouter
dialer idle-timeout 300
dialer enable-timeout 60
dialer wait-for-carrier-time 10
dialer caller 222222
dialer-group 1
snmp ifindex persist
ppp authentication chap
End
siterouter#sh run
ip wccp 61
ip wccp 62
interface Dialer1
description Backup DoD to the core via ISDN
bandwidth 64
ip address 192.168.1.2 255.255.255.252
ip wccp 62 redirect in
encapsulation ppp
dialer pool 2
dialer remote-name corerouter
dialer idle-timeout 300
dialer enable-timeout 60
dialer wait-for-carrier-time 10
dialer string 111111
dialer caller 222222
dialer-group 2
ppp authentication chap
end
05-06-2008 09:52 PM
Peter,
I am not aware of any specific issues with WCCP interception on dialer interfaces.
Can you try disabling CEF on the dialer interface and see if that makes a difference?
Thanks,
Zach
05-07-2008 03:43 PM
Zach,
I've tried that as you suggested and it made no difference. I had seen a bug on the bugtracker about process switched packets possibly not being WCCP redirected correctly, so I have also tried ensuring that CEF was enabled, and removing compression in case that made the packets process switch.
I have also tried removing the multilink and ensuring that only one ISDN B channel is pulled up for that dialer interface. That made no difference.
I have verified that it is the router in the core that is causing the issue because I can have the remote site connect to the core via ISDN and have WAAS optimise traffic from that remote site to another remote site via the core (if I disable WCCP in the core).
Thanks,
Peter
05-12-2008 04:25 PM
Zach,
A little further investigation has shown that WCCP is not working properly for ANY traffic on that particular router (it is a 7204VXR with NPE225). The other router - a 7206VXR with NPE300 is working fine. Both are flagged for replacement and IOS upgrade before June 30 - so I won't dig into it any further. My only thoughts were that maybe I could use the Negotiated return egress method in case IP forwarding was the problem. I may still do that depending on how critical my project sees the backup links.
Thanks,
Peter
05-13-2008 05:31 PM
OK - I feel like such a fool. I looked at the network diagram and realised that Negotiated return is needed in our configuration. I'll configure that and I am sure it will all work fine.
Thanks for your help.
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide