wccp: Router Identifier: -not yet determined-

Unanswered Question
Feb 9th, 2010

The configuration is on ASA 5520 device.

WCCP is not working as i can see from the show commands. The router id is -not yet determined-. Why is that? Any help will be appriciated.

Global WCCP information:
    Router information:
Router Identifier:                   -not yet determined-
Protocol Version:                    2.0

    Service Identifier: web-cache
Number of Cache Engines:             0
Number of routers:                   0
Total Packets Redirected:            0
Redirect access-list:                WCCP-Redirect
Total Connections Denied Redirect:   0
Total Packets Unassigned:            0
Group access-list:                   WCCP-Group
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     0

wccp interface Inside web-cache redirect in
wccp web-cache redirect-list WCCP-Redirect group-list WCCP-Group
access-list WCCP-Redirect extended permit tcp host any eq www
access-list WCCP-Group extended permit ip host any (Client Machine) (Squid Server)

Both are in same VLAN

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Tue, 02/09/2010 - 09:46

Hello Mrbzu,

be aware that OSI layer2 redirection is not supported by ASA

>> The Layer 2 redirect method is not supported; only GRE encapsulation is supported.



>> because the security appliance takes care of redirecting requests to cache engines. When the security appliance knows when a packet needs redirection, it skips TCP state tracking, TCP sequence number randomization, and NAT on these traffic flows.

probably the cache should be on another interface to be able to use GRE encapsulation..

Hope to help


smarcosmarco Thu, 02/25/2010 - 13:59


The Cisco ASA config is correct.

Add this to your squid.conf:

http_port 3128 transparent
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1

(where is the ASA IP Address for inside)

And run this in your bash:

ifconfig gre0 inet netmask up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter

iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination

...and tell me the results :-)



This Discussion