Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1139
Views
0
Helpful
1
Replies

WCCP Transparent Proxy over DMVPN

PauloHirakawa
Level 1
Level 1

‎11-21-2010 01:48 PM - edited ‎03-04-2019 10:32 AM

Hi,

I´m trying to config a wccp web-proxy in a ISR 2811 at branch network. I have an Iron Port at Head-Quarter.

The idea is that the users at branch network, transparently forward http traffic to Iron Port at Central-Office and from them go to Internet.

The communication between sites is over DMVPN. I have two GRE tunnels running OSPF.

The Iron Port is configured as wccp v2 transparent redirection with forwarding method L2 or GRE an retunr method as L2 or GRE.

I receive packets on the branch router "Here I Am" but it get a message on debug:


Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 w/bad fwd method L2, received indirectly via Tunnel1
Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 with incompatible capabilites


Nov 21 19:46:07.035 GMT-2: WCCP-PKT:D10: Sending I_See_You packet to 172.16.10.10 w/ rcv_id 0000004F

Is it possible to implement this scenario at this way?

Please, any idea?

Thanks!!

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Todd Volz
Level 1
Level 1

‎04-14-2011 11:39 AM

I am having the same issue using 871 routers on the remote side.  I was able to get WCCP to work intermitently running 12.4(9)t (It would work for a short time and then the redirection would stop and the router would loose the WCCP connection to the IronPort devices.

We have two Iron Port Web filters, one in the 6.X version of code and the other in the 7.1.X code line.

After upgrading to 12.4(24)t5 I get:

WCCP Client information:
        WCCP Client ID:          xxxx
        Protocol Version:        2.0
        State:                   NOT Usable (Protocol not L2 connected)
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:      0
        Connect Time:            02:26:42
        Assignment:              MASK


        WCCP Client ID:          xxxx
        Protocol Version:        2.0
        State:                   NOT Usable (Protocol not L2 connected)
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:      0
        Connect Time:            02:25:09
        Assignment:              MASK

I too have both L2 or GRE and MASK or HASH configured on the Ironport for the policies that we are using.

I can't switch over to only GRE as we also have some 4500 switches that are connected L2 to the Ironports.

Is there a way to force the router to only talk GRE and HASH, as it looks like this is a capability election issue in IOS for WCCP?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card