11-09-2014 07:17 AM - edited 03-07-2019 09:26 PM
Hi all
im trying to esablish wccp /GRE with tproxy mode session between router 3825 and squid centos 7.
the wccp is up and fine and squid service is ok.
the problem is , no traffic is being redirected from the cisco router to the squid box !!
im wondering , when i do the wccp on cisco and use GRE wccp return/hash/rediect on the squid box ..... do i need to condfigure a tunnel on the router ????
wt should be done on the router ??
here is who version :
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(18b), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (coffee) 1986-2008 by Cisco Systems, Inc.
Compiled Mon 19-May-08 21:23 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T10, RELEASE SOFTWARE (fc1)
MAEG-Router uptime is 4 weeks, 3 days, 22 hours, 32 minutes
System returned to ROM by power-on
System image file is "flash:c3825-adventerprisek9-mz.124-18b.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 3825 (revision 1.2) with 225280K/36864K bytes of memory.
Processor board ID FHK1231F32C
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
62720K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102
MAEG-Router#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.10.1
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 38958
Process: 2337
Fast: 0
CEF: 36621
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 4630
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 80
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
Fast: 0
CEF: 0
Redirect access-list: DRVIRUSIN
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 90
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
Fast: 0
CEF: 0
Redirect access-list: DRVIRUSOUT
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
regards
11-09-2014 10:54 AM
My memory of doing WCCP with IOS was that you do not need to configure a tunnel. IOS will automatically create the tunnel.
In looking at your output I see it reporting for web cache showing packet counts but no client or router and reporting for service identifier 80 and 90 where it shows client and router but no packet count. I suspect that there is some mismatch in your configuration.
HTH
Rick
11-09-2014 12:23 PM
Hi Rick , thanks for reply .
let me ask you ,
now on the router you said GRE tunnle is created automatially ?
wt i need to do on the linux box ?
you will say GRE tunnle , ok .... GRE tunnel , but for wt ?
i do gre tunnel that identify my src ip and the destination ip of the router and wt else ?
should i router subnets here in GRE ? or just create tunnel ??
here is wt i did for linux box gre config on squid box ...... is wt i did below is suffecitnt for GRE on box ?
#iptunnel add wccp0 mode gre remote (remote ip of router) local (my squid box ip) dev eth0
#ifconfig wccp0 127.0.1.1/32 up
also , how to check the GRE tunnel is ok or not with the cisco router ?
11-09-2014 12:39 PM
Unfortunately I do not know what you need to do on the Linux box. When I configured WCCP I was responsible for the IOS side and someone else was responsible for the cache engine (in my case it was not Squid). So I have little advice for your about what is needed for Linux.
When I configured it I did the WCCP configuration. I did not configure anything about GRE tunnels. Not tunnel interface, not tunnel source, not tunnel destination, not tunnel IP. IOS configured what it needed without my doing anything for the tunnel. My memory (it has been quite a while) was that show ip interface brief would show the tunnels. My memory is not clear but I assume that show interface would probably show the tunnel. I do remember that I did not need to be concerned about the tunnels for WCCP. As long as WCCP was working then I could assume that the tunnels were working ok.
HTH
Rick
11-09-2014 12:55 PM
thank you for all help.
let me ask you , when using WCCP/transparent with tproxy
do i need to configure ip wccp web cache command ???
ip wccp web-cache
as i know its the well know service and not used with tproxy
but i followed an article and found its needed :
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
the second question is
i cant see new interfaces when i do :
show ip int b
or
sh tunnels
?????
i mean WCCP is up , but i cant see GRE tunnels interfaces or ips for them ???!!!
thanks alot for all time you spent for help agian
regards
11-09-2014 06:14 PM
I do not know yet how to answer these questions. Perhaps you could post fresh output of show ip wccp and of show ip interface brief? Perhaps that will help to understand it.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide