11-11-2009 03:49 PM - edited 03-04-2019 06:40 AM
I have configured a Squid3 proxy server on Debian using WCCP to a Cisco 2821 router (via GRE tunnel). Regular HTTP traffic works just fine. Anytime I try to connect to HTTPS, it times out.
I've compiled Squid with --enable-ssl.
The squid configuration is as follows:
####################################################################
# Squid3 Configuration
#
#
#
# Cisco Router at 10.50.40.1
# GRE tunnel to Ciso Router at 10.50.1.1 # # Local Squid3 server
# name: wwifi-atl-squid1
# IP: 10.50.40.100
# WCCPv2 (Transparent mode)
#
####################################################################
visible_hostname wwifi-atl-squid1
# cache_effective_user squid squid
http_port 10.50.40.100:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Access Control List Definitions
acl localnet src 10.50.10.0/24 10.50.20.0/24 10.50.30.0/24 10.50.40.0/24 10.50.100.0/24 10.50.201.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# http allows/denies
always_direct allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_reply_access allow all
icp_access allow all
debug_options ALL,1
# Following options are for transparent mode wccp2_router 10.50.40.1 wccp2_rebuild_wait on wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_assignment_method 1 wccp2_service standard 0 wccp2_address 10.50.40.100
11-12-2009 12:38 AM
Hello.
What is your configuration and IOS version on the Cisco 2821 router? First thing that jumps out at me is you might be running only WCCP version 1 which supports only port 80. It should be version 2 by default but you can try the command to make sure:
ip wccp version 2
Simon
11-12-2009 08:04 AM
Version is:
Version 12.4(24)T1
I am also running WCCPv2 on the router.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide