Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Denied packets redirection to the cache engine

I have cisco ASA firewall, a Cisco router and a cachebox,  the cisco router is connected to the inside interface of my ASA  which connect directly to my inside network and my ASA is facing the WAN interface. the cache engine ip is 192.168.1.18 and my inside network is 192.168.1.0. i only enable wccp on the ASA firewall but did not enable on the router. i also permitted port 80 and 443 to be redirected to the cache engine. but after doing show command on my ASA, i got the following results

omsasa(config)# sh wccp 90

Global WCCP information:
    Router information:
        Router Identifier:                   217.14.85.227
        Protocol Version:                    2.0

    Service Identifier: 90
        Number of Cache Engines:             1
        Number of routers:                   1
        Total Packets Redirected:            0
        Redirect access-list:                wccp-users
        Total Connections Denied Redirect:   52208
        Total Packets Unassigned:            0
        Group access-list:                   wccp-server
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

omsasa(config)# sh wccp 70

Global WCCP information:
    Router information:
        Router Identifier:                   217.14.85.227
        Protocol Version:                    2.0

    Service Identifier: 70
        Number of Cache Engines:             1
        Number of routers:                   1
        Total Packets Redirected:            0
        Redirect access-list:                wccp-able
        Total Connections Denied Redirect:   27836
        Total Packets Unassigned:            0
        Group access-list:                   wccp-server
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

This is my wccp configuration on my ASA

omsasa(config)# sh run wccp
wccp 70 redirect-list wccp-able group-list wccp-server
wccp 90 redirect-list wccp-users group-list wccp-server
wccp interface inside 70 redirect in
wccp interface inside 90 redirect in

omsasa(config)# sh run access-list wccp-users
access-list wccp-users remark bypass proxy
access-list wccp-users remark proxy access
access-list wccp-users extended deny ip any any
access-list wccp-users extended permit tc92.168.1.0 255.255.255.0 host 192.168.1.18  eq www                                                                                     
access-list wccp-users extended permit tcp 192.168.5.0 255.255.255.252 host 192.168.1.18  eq www

omsasa(config)# sh run access-list wccp-able
access-list wccp-able remark bypass proxy
access-list wccp-able remark proxy access
access-list wccp-able extended deny ip any any
access-list wccp-able extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.1.18 eq https
access-list wccp-able extended permit tcp 192.168.5.0 255.255.255.252 host 192.168.1.18 eq https

it is not redirecting. is  there anything i need to configure on the cisco router or on the ASA to make it work. please i need an answer to this problem

 

 

 

1 REPLY
Cisco Employee

Hi,I am pretty sure that i

Hi,

I am pretty sure that i had replied on this issue earlier :)

The issue is the Redirect ACL:- wccp-able and wccp-users

You have a deny ip any any above the permit statement and that is denying the redirect to the Cache server.

Please move this below the Deny ip any any statement and that should resolve the issue.

Thanks and Regards,

Vibhor Amrodia

242
Views
0
Helpful
1
Replies