To sum up, my situation is that I can see 'Here I am' and 'I see you' packets between ASA and MWG. However, the traffic that is redirected from the ASA to the MWG in GRE packets has as source IP the outside IP of the ASA which cannot be reached from inside.
I looked into this recently when a customer was thinking about using WCCP on their ASA. Unfortunately when Cisco implemented WCCP on the ASA they took some short cuts that are not present in the implementation of WCCP on IOS routers. One of those short cuts is to always pick the highest IP address as the WCCP router ID. There is no way to over ride this or to manually specify the address for the router ID. And in some cases that choice does seem to create problems. It sounds like you may have that problem. I have looked at the discussion in the link that you provide and do not fully understand how the suggestion to change routing would address the issue.
I must admit that I am not sure why the choice of router ID creates the problem. Your MWG will receive GRE encapsulated packets from that address but will not send any packets to that address. That is another thing that Cisco did to implement WCCP on the ASA that the GRE encapsulated traffic is strictly one way (ASA to filtering device) and there is no return traffic using GRE to the ASA. The packet capture in your post does show GRE encapsulated packet with the source address as the ASA router ID and the destination address as the MWG, as expected. However if you say that it does create a problem then it obviously it does. I wonder if it would help the situation if you could create a new VLAN on the ASA, give it an address higher than your ASA outside interface address, and associate the VLAN with something routable inside?
I'm not sure about creating a new vlan as all the ASA interfaces already have an address which is smaller than the wccp router id.
Although there are GRE packets leaving the ASA I'm not sure if they can reach their destination and if that's the case how to redirect them properly to their destination (the filtering device). I enclose a screenshot of my interfaces and static routes in the ASA in case you could help me to determine if the problem is because there is no communtication from the ASA to the filtering device.
I am pretty sure that the GRE packets are getting to the MWG. If I understand correctly the address of the MWG is 10.250.2.33 and clearly you have a route for that network. And if you are seeing the Here I Am and I See You packets then clearly there is correct routing of traffic from the ASA to the MWG.
If you are still concerned that the GRE packets are not getting to the MWG then perhaps you can set up a packet capture just before the MWG.
I am not familiar with the MWG but I wonder if there are any logs on the MWG that might shed light on the situation. It is my assumption that the problem is not that the GRE does not get to the MWG but the problem is more likely that MWG receives and rejects the packet. Perhaps that is reflected in log messages?
Is there any documentation with MWG that talks about how MWG communicates with the WCCP device? I wonder if MWG thinks that it needs to send responses via GRE and does not have a route to the address specified in the GRE packet? The Cisco documentation for the ASA is somewhat clear that they treat the GRE as a one way tunnel and will not accept any GRE traffic from the MWG?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :