I have two remote sites (Site A and Site B. Please see attached diagram), site A has two routers each with a separate WAN link (one to Verizon and one to Sprint) and site B only has one router with one WAN link to Sprint. I am running HSRP at site A with HSRP active on the Verizon router. And on both routers at site A I am running "IP WCCP 61 redirect in" on the LAN interface and "IP WCCP 62 redirect in" on the WAN interface and "IP WCCP redirect exclude in" on the subinterface that connects to the WAE device. When traffic leaves site A to site B it will hit the Verizon router first since it is HSRP active but it has not direct path to site B because site B does not have WAN connection to Verizon, so the traffic will then get rerouted over to the Sprint router to get out to site B.
Here is my issue: When the Verizon router receives a packet leaving for site B it redirects the packet to the WAE, then the WAE returns the packet to the Verizon router, it then does a layer 3 look up and sees that it has to route the packet to the Sprint router to get to site B. Then when the Sprint router receives the packet, it then redirects the packet to the WAE again and hence the WAE drops the packet as it sees the packet gets redirected to it twice.
Does anyone know if that's a normal behavior ?
Has anyone run into this issue and how to work around it ? I appreciate any inputs / suggestions !!!
And I do have "egress-method negotiated-return intercept-method wccp" on the WAE device.
That behavior is normal. If a WAE see the traffic more than once than the WAE will think that the packet is in a loop and drop the packet to protect the network from a wccp redirection loop.
egress method neg return is to make sure that the WAE send the traffic back to router that sent the traffic to it.
One way to overcome your configuration, i believe, is to place wccp 61/61 in/out on the wan interface and no redirection on the LAN interface. This way the routing decision will happen before redirection and redirection should happen only once.
I believe I have a similar issue where the primary HSRP router redirects via WCCP to WAAS, returns, and then when routed to the standby HSRP router, is redirected again and dropped. However, in my case, we're using IPSec tunnels on the WAN, which I believe precludes me from applying the WCCP redirect statements to the WAN interface. How would I get around that?
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...