Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

WCCP Transparent Proxy over DMVPN

Hi,

I´m trying to config a wccp web-proxy in a ISR 2811 at branch network. I have an Iron Port at Head-Quarter.

The idea is that the users at branch network, transparently forward http traffic to Iron Port at Central-Office and from them go to Internet.

The communication between sites is over DMVPN. I have two GRE tunnels running OSPF.

The Iron Port is configured as wccp v2 transparent redirection with forwarding method L2 or GRE an retunr method as L2 or GRE.

I receive packets on the branch router "Here I Am" but it get a message on debug:


Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 w/bad fwd method L2, received indirectly via Tunnel1
Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 with incompatible capabilites


Nov 21 19:46:07.035 GMT-2: WCCP-PKT:D10: Sending I_See_You packet to 172.16.10.10 w/ rcv_id 0000004F

Is it possible to implement this scenario at this way?

Please, any idea?

Thanks!!

1 REPLY
New Member

Re: WCCP Transparent Proxy over DMVPN

I am having the same issue using 871 routers on the remote side.  I was able to get WCCP to work intermitently running 12.4(9)t (It would work for a short time and then the redirection would stop and the router would loose the WCCP connection to the IronPort devices.

We have two Iron Port Web filters, one in the 6.X version of code and the other in the 7.1.X code line.

After upgrading to 12.4(24)t5 I get:

WCCP Client information:
        WCCP Client ID:          xxxx
        Protocol Version:        2.0
        State:                   NOT Usable (Protocol not L2 connected)
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:      0
        Connect Time:            02:26:42
        Assignment:              MASK


        WCCP Client ID:          xxxx
        Protocol Version:        2.0
        State:                   NOT Usable (Protocol not L2 connected)
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:      0
        Connect Time:            02:25:09
        Assignment:              MASK

I too have both L2 or GRE and MASK or HASH configured on the Ironport for the policies that we are using.

I can't switch over to only GRE as we also have some 4500 switches that are connected L2 to the Ironports.

Is there a way to force the router to only talk GRE and HASH, as it looks like this is a capability election issue in IOS for WCCP?

962
Views
0
Helpful
1
Replies
CreatePlease to create content