ASA 5510 - WCCP Router Id

Unanswered Question
May 18th, 2010

I'm trying to create a WCCP connection between my Squid server (on 10.9.10.10 - inside LAN) and my ASA 5510 (inside: 10.9.254.1 - outside 201.234.x.x). WCCP/GRE tunnel works perfectly, they see each other, I've seen I_See_You and Here_I_Am packets. The problem is that when ASA gets the packet, it redirects alright to the Squid but with the wrong ID, because it's using its outside IP which cannot be reached from inside.


I found out that Router ID is created using higher IP configured. I tried unassigning IP addresses in every interface except inside, creating WCCP web-cache, and it does work, but the moment I assign the rest of the interfaces IPs it takes outside IP as ID again.


Is there any way that this Router ID can be changed manually?

Panos Kampanakis Tue, 05/18/2010 - 09:51
User Badges:
  • Cisco Employee,

Unfortunately the id cannot be changed. It will always pick the high one.

You need to have the engine support it and have a route back to it through the ASA.


I hope it helps.


PK

aresiusxp Tue, 05/18/2010 - 10:01

Now that I think of it, if WCCP is working (I_See_You and Here_I_Am packets are going through), shouldn't everything be working?

Panos Kampanakis Tue, 05/18/2010 - 10:04

"show wccp" statistics will show you redirect counters and if the engine is built properly.

If those look ok it is probably working.

Of course check if pages that the engine is set to block are actually blocked.


PK

aresiusxp Tue, 05/18/2010 - 10:27
Everything seems to be working in the ASA, but I can't get to any page. Not even Google, and there's no blocking there.




AR01-ASA01# sh wccp

Global WCCP information:
    Router information:
        Router Identifier:                   201.234.XX.XXX
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Cache Engines:             1
        Number of routers:                   1
        Total Packets Redirected:            857
        Redirect access-list:                SquidGRE
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            1
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

Panos Kampanakis Tue, 05/18/2010 - 10:39

Probably the problem is with the route id.

The HELLOS are exchanged, but probably the engine is rejecting the wccp GRE packets from the router id.


Also the wccp engine should be able to directly talk to the host that is browsing, you need to ensure that is allowed also.


I hope it helps.


PK
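
A quick check over "show wccp" output for the router-ID situation discussed above, as an added example that is not part of the original thread or any Cisco tooling. The sample output is constructed (the router identifier is a documentation address), and the inside network 10.9.0.0/16 and the function names are assumptions, since the thread gives no netmask.

```python
import ipaddress
import re

# Constructed sample modelled on the "sh wccp" output in the thread; the
# router identifier is a documentation address, not the poster's real one.
SAMPLE = """\
Global WCCP information:
    Router information:
        Router Identifier:                   203.0.113.10
        Protocol Version:                    2.0
    Service Identifier: web-cache
        Number of Cache Engines:             1
        Number of routers:                   1
        Total Packets Redirected:            857
        Redirect access-list:                SquidGRE
        Total Packets Unassigned:            1
        Total Authentication failures:       0
"""

def parse_show_wccp(text):
    """Return {field name: value} for every 'Name: value' line."""
    fields = {}
    for line in text.splitlines():
        # Section headings end at the colon and carry no value, so they are skipped.
        m = re.match(r"\s*([A-Za-z][A-Za-z \-]*?):\s+(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def diagnose(fields, inside_net):
    """List findings relevant to the router-ID problem (inside_net is assumed)."""
    findings = []
    rid = ipaddress.ip_address(fields["Router Identifier"])
    if rid not in ipaddress.ip_network(inside_net):
        findings.append(f"router ID {rid} is outside {inside_net}: the cache "
                        "must accept GRE from it and have a route back to it")
    if int(fields.get("Number of Cache Engines", 0)) == 0:
        findings.append("no cache engine registered")
    if int(fields.get("Total Packets Redirected", 0)) == 0:
        findings.append("no packets redirected: check the redirect access-list")
    if int(fields.get("Total Authentication failures", 0)) > 0:
        findings.append("authentication failures: check the WCCP password")
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_show_wccp(SAMPLE), "10.9.0.0/16"):
        print(finding)
```
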

aresiusxp Tue, 05/18/2010 - 11:01

Ok, first of all, thanks for replying every time. I really appreciate it.


So, probably I should configure Squid wccp server so it matches Router ID in ASA. But the problem is that I can't get to the public IP since ASA won't let me go through. How can I make it work?

Panos Kampanakis Tue, 05/18/2010 - 11:42

Change your routing so that the traffic destined to the routing id hits the ASA inside.

I don't think that is your problem now. I believe that Squid ignores that router id.


PK

aresiusxp Wed, 05/19/2010 - 05:26

Ok, I'm starting to feel like a newbie.


How can I add a route like that? And where?


Squid is connected to Layer 3 switch Cisco 3560, which is connected to ASA.


Where should I add a route? and how? ip route xxx xx xx xx?

Panos Kampanakis Wed, 05/19/2010 - 05:56

Upstream to your routing devices that are between wccp engine and ASA.


PK

Varun K S Thu, 10/24/2013 - 23:57

Hi Patricio,


Can you let me know if this scenario was working for you? Because I have an issue now.

Can you let me know what solved it?
