Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

wccp: Router Identifier: -not yet determined-

The configuration is on ASA 5520 device.

WCCP is not working as i can see from the show commands. The router id is -not yet determined-. Why is that? Any help will be appriciated.

Global WCCP information:
    Router information:
Router Identifier:                   -not yet determined-
Protocol Version:                    2.0

    Service Identifier: web-cache
Number of Cache Engines:             0
Number of routers:                   0
Total Packets Redirected:            0
Redirect access-list:                WCCP-Redirect
Total Connections Denied Redirect:   0
Total Packets Unassigned:            0
Group access-list:                   WCCP-Group
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     0

wccp interface Inside web-cache redirect in
wccp web-cache redirect-list WCCP-Redirect group-list WCCP-Group
access-list WCCP-Redirect extended permit tcp host any eq www
access-list WCCP-Group extended permit ip host any (Client Machine) (Squid Server)

Both are in same VLAN

Hall of Fame Super Silver

Re: wccp: Router Identifier: -not yet determined-

Hello Mrbzu,

be aware that OSI layer2 redirection is not supported by ASA

>> The Layer 2 redirect method is not supported; only GRE encapsulation is supported.


>> because the security appliance takes care of redirecting requests to cache engines. When the security appliance knows when a packet needs redirection, it skips TCP state tracking, TCP sequence number randomization, and NAT on these traffic flows.

probably the cache should be on another interface to be able to use GRE encapsulation..

Hope to help


New Member

Re: wccp: Router Identifier: -not yet determined-


The Cisco ASA config is correct.

Add this to your squid.conf:

http_port 3128 transparent
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1

(where is the ASA IP Address for inside)

And run this in your bash:

ifconfig gre0 inet netmask up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter

iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination

...and tell me the results :-)