Transparent Web proxy - Wccp with Squid

jdczerwinski
Level 1

I have configured a Squid3 proxy server on Debian using WCCP to a Cisco 2821 router (via GRE tunnel). Regular HTTP traffic works just fine. Anytime I try to connect to HTTPS, it times out.

I've compiled Squid with --enable-ssl.

The squid configuration is as follows:

####################################################################

# Squid3 Configuration

#

#

#

# Cisco Router at 10.50.40.1

# GRE tunnel to Cisco Router at 10.50.1.1

#

# Local Squid3 server

# name: wwifi-atl-squid1

# IP: 10.50.40.100

# WCCPv2 (Transparent mode)

#

####################################################################

visible_hostname wwifi-atl-squid1

# cache_effective_user squid squid

http_port 10.50.40.100:3128 transparent

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

acl apache rep_header Server ^Apache

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

# Access Control List Definitions

acl localnet src 10.50.10.0/24 10.50.20.0/24 10.50.30.0/24 10.50.40.0/24 10.50.100.0/24 10.50.201.0/24

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563 # https, snews

acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl purge method PURGE

acl CONNECT method CONNECT

# http allows/denies

always_direct allow all

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost

http_access allow localnet

http_reply_access allow all

icp_access allow all

debug_options ALL,1

# Following options are for transparent mode

wccp2_router 10.50.40.1

wccp2_rebuild_wait on

wccp2_forwarding_method 1

wccp2_return_method 1

wccp2_assignment_method 1

wccp2_service standard 0

wccp2_address 10.50.40.100

simontibbitts
Level 1

Hello.

What is your configuration and IOS version on the Cisco 2821 router? First thing that jumps out at me is you might be running only WCCP version 1 which supports only port 80. It should be version 2 by default but you can try the command to make sure:

ip wccp version 2

Simon

Version is:

Version 12.4(24)T1

I am also running WCCPv2 on the router.
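
The reply above turns on which ports WCCP redirects. As an added example (not code from either poster), this reads the WCCP directives of a squid.conf and lists the destination ports each declared service asks the router to redirect. It assumes that standard service 0 is the WCCP web-cache service, fixed at TCP port 80, and that dynamic services declare their ports with `wccp2_service_info`; the service IDs 70 and 99 in the second sample are constructed.

```python
# Added example: which destination ports does this squid.conf ask WCCP to redirect?
STANDARD_PORTS = {0: {80}}  # assumption: standard service 0 = web-cache, TCP/80 only

# WCCP lines as posted in the question.
POSTED_CONF = """
wccp2_router 10.50.40.1
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_address 10.50.40.100
"""

# Constructed sample: a dynamic service (ID 70 is made up) that declares port 443.
CONSTRUCTED_CONF = POSTED_CONF + """
# wccp2_service dynamic 99   (commented out, must be ignored)
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443
"""

def wccp_redirected_ports(conf_text):
    """Map each declared WCCPv2 service ID to the set of ports it covers."""
    kinds, declared = {}, {}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(tokens) >= 3 and tokens[0] == "wccp2_service":
            kinds[int(tokens[2])] = tokens[1]
        elif len(tokens) >= 2 and tokens[0] == "wccp2_service_info":
            for tok in tokens[2:]:
                if tok.startswith("ports="):
                    declared[int(tokens[1])] = {int(p) for p in tok[6:].split(",") if p}
    return {
        sid: STANDARD_PORTS.get(sid, set()) if kind == "standard" else declared.get(sid, set())
        for sid, kind in kinds.items()
    }

def port_is_redirected(conf_text, port):
    """True if any declared service covers the given destination port."""
    return any(port in ports for ports in wccp_redirected_ports(conf_text).values())

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("constructed", CONSTRUCTED_CONF)):
        print(name, wccp_redirected_ports(conf), "443 redirected:", port_is_redirected(conf, 443))
```

The posted configuration declares only service 0, so from Squid's side only port 80 is requested for redirection; traffic on any port not covered by a service never reaches the proxy's `http_access` rules.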