IP Spoofing

nambale
Level 1

Hi, I am trying to use a Cisco cache engine module in a 2611 with WCCP and client IP spoofing enabled. Everything seems to work fine apart from:

1. Proxy protocol redirected packets always appear to be coming from the cache engine rather than from the client IP, i.e. the IP spoofing is not working for the proxy redirects.

2. Websites with authentication do not work when a client with another proxy configured rather than the cache engine is redirected by WCCP to the cache engine.

The basic config is below:

Router:

    ip wccp web-cache
    ip wccp 95
    ip wccp 98
    interface FastEthernet0/0
     description interface to Internet
     ip address 192.168.27.9 255.255.255.0
     no ip redirects
     ip wccp web-cache redirect out
     ip wccp 98 redirect out
    interface FastEthernet0/1
     description intreface to internal network
     ip address 192.168.160.1 255.255.255.0
     ip wccp 95 redirect out
    interface Content-Engine1/0
     ip address 192.168.158.1 255.255.255.0
     ip wccp redirect exclude in
     service-module external ip address 192.168.159.1 255.255.255.0
     service-module ip address 192.168.158.2 255.255.255.0
     service-module ip default-gateway 192.168.158.1

On the cache engine:

    http proxy incoming 8080
    ftp proxy incoming 8080
    https proxy incoming 8080
    !
    !
    wccp router-list 1 192.168.160.1
    wccp port-list 1 80 8080
    wccp web-cache router-list-num 1
    wccp custom-web-cache router-list-num 1 port 8080
    wccp service-number 95 router-list-num 1 port-list-num 1 application cache hash-source-ip match-source-port
    wccp version 2
    wccp spoof-client-ip enable
    !
    proxy-protocol transparent default-server

Thanks

2 Replies

Gilles Dufour
Cisco Employee

Question 1 is normal.

Only WCCP redirected traffic will be spoofed.

I don't think you can change this.

Question 2 is tricky.

By default the CE does not cache authenticated websites.

What ACNS software version do you run?

Gilles.

Hi Gilles,

Thanks for the response. I still think the proxy requests are also being redirected by WCCP. The client's browser is basically pointing to another proxy, not the content engine. At the router these packets are redirected to the CE by WCCP.

On question 2, the version of the software is ACNS Release 4.2.3 (build b4 Oct 24 2002). However, I think I might be missing something in my config because it never seems to execute the SSL bit of the login.

Thanks