Squid ans WCCP on asa - no redirection after squid restart

Answered Question
Sep 30th, 2009


i've configured squid 3.0 with wccp to asa5510 SW: 8.2.

All is working, but when the squid is down, the asa stops redirecting packets to it. Thats fine, but when i start the squid again, it's reregistering at the asa and it is marked as usable, but the redirection isn't enabled:

show wccp web

Global WCCP information:

Router information:

Router Identifier: $external-ip

Protocol Version: 2.0

Service Identifier: web-cache

Number of Cache Engines: 1

Number of routers: 1

Total Packets Redirected: 4309554

Redirect access-list: wccp_redirect

Total Connections Denied Redirect: 12047

Total Packets Unassigned: 11

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

Total Bypassed Packets Received: 0

show wccp web det

WCCP Cache-Engine information:

Web Cache ID: $proxy-ip

Protocol Version: 2.0

State: Usable

Initial Hash Info: 00000000000000000000000000000000


Assigned Hash Info:



Hash Allotment: 256 (100.00%)

Packets Redirected: 4323358

Connect Time: 15:28:01

disabling wccp and reenabling on the asa solves the problem.

But shouldn't it work automatically?

Any suggestions?



I have this problem too.
0 votes
Correct Answer by plearmouth about 6 years 11 months ago

see bug CSCsy82260 fixed in - TAC provided an excellent turn around to the case.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
whattaneguiconsul Mon, 10/05/2009 - 00:15


from my point of view ... if it works disabling wccp and re-enabling on ASA ( it seems that configuration is OK ) ... maybe you need to debug wccp when it happens.

I have a PIX 8.0.4 working OK with WCCP ( squid 3.0 ). When squid goes down PIX stops redirect. And when squid becomes available ... pIX automatically starts redirecting.

Please, can you post the config of ASA and squid?

Are you using GRE tunnel or ip_wccp module on your squid ?

Needed commands to verify all :

sh run on ASA.

sh wccp web-cache detail ( when issue happens )

Linux box :

[[email protected] ~]# iptables -t nat -n -L

[[email protected] ~]# lsmod | grep wccp

ip_wccp 7040 0

[[email protected] ~]# cat /etc/squid/squid.conf | grep '.' | grep -v "#"


plearmouth Fri, 10/16/2009 - 00:18


I have an ASA 8.2.1 with WCCP to two Ironports appliances and was just about to ask the exact same question in this forum. The problem existed in 8.1 and I had hoped that 8.2.1 would resolve it.

Everything appears to be up and useable (after an outage) but no traffic is redirected. Remove and add again and it magically works again.

A bug I think.


seibertmedia Fri, 10/16/2009 - 01:19

Interesting, so it doesn't seem to be a squid problem. Perhaps, you can open an tac, the ironport appliances should be supported, i think. I'm not sure, how it is with a squid.


plearmouth Fri, 10/16/2009 - 01:24


No I think it IS a cisco ASA issue - not IRONPORT or SQUID as the problem you describe is exactly the same for me with different caches.


seibertmedia Wed, 11/04/2009 - 01:22

I installed the new software and now it works.

Many thanks for the link.

But the workaround is much to complex

a simple

wccp interface inside redirect in

also will reactivate the redirection.


This Discussion