03-16-2004 06:47 AM
Hi I am trying to use a cisco cache engine module
in a 2611 with wccp and client IP spoofing enabled. Everything seems to work fine apart from
1. Proxy protocol redirected packets always appear to be coming from the cache engine rather than from the client IP ie the IP spoofing is not working for the proxy redirects.
2.Websites with authentication do not work when a client with another proxy configured rather than the cache engine is redirected by wccp to the cache engine.
The basic config is below:
Router:
ip wccp web-cache
ip wccp 95
ip wccp 98
interface FastEthernet0/0
description interface to Internet
ip address 192.168.27.9 255.255.255.0
no ip redirects
ip wccp web-cache redirect out
ip wccp 98 redirect out
interface FastEthernet0/1
description intreface to internal network
ip address 192.168.160.1 255.255.255.0
ip wccp 95 redirect out
interface Content-Engine1/0
ip address 192.168.158.1 255.255.255.0
ip wccp redirect exclude in
service-module external ip address 192.168.159.1 255.255.255.0
service-module ip address 192.168.158.2 255.255.255.0
service-module ip default-gateway 192.168.158.1
On the cache engine:
http proxy incoming 8080
ftp proxy incoming 8080
https proxy incoming 8080
!
!
wccp router-list 1 192.168.160.1
wccp port-list 1 80 8080
wccp web-cache router-list-num 1
wccp custom-web-cache router-list-num 1 port 8080
wccp service-number 95 router-list-num 1 port-list-num 1 application cache hash-source-ip match-source-port
wccp version 2
wccp spoof-client-ip enable
!
proxy-protocol transparent default-server
Thanks
03-16-2004 07:57 AM
question 1 is normal.
Only WCCP redirected traffic will be spoofed.
I don't think you can change this.
question 2 is tricky.
By default the CE does not cache authenticated website.
What ACNS software version do you run ?
Gilles.
03-16-2004 11:22 PM
Hi Gilles
Thanks for the response. I still think the proxy requests are also being redirected by wccp. The clients browser is basically pointing to another proxy not the content engine. At the router these packets are redirected to the CE by WCCP.
On question 2 the version of the software is ACNS Release 4.2.3 (build b4 Oct 24 2002). However I think I might be missing something in my config because it never seems to execute the ssl bit of the login.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide