Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Internet connection is lost

Hi,

I have encountered an internet connection lost on my network. client desktop can ping to the internet(ex: www.google.com) but cannot browse the internet. We used WCCP to redirect traffic on the ironport. Ironport can also ping to the internet. when I check the Overview of the Ironport it seems that there is no web traffic passing on the ironport or has minimal traffic passig thgrough it. I do not know now wether it is the ironport or my switch(the one that is redirecting the traffic to ironport) that has a problem. is there a way to bypass the ironport? I am new to this device that its qhy i'm seeking assistance.

Thanks,

Bryan

8 REPLIES
Cisco Employee

Re: Internet connection is lost

Hi Bryan

Good Morning

Thanks! For the e-mail, quickest way to BYPASS ironPort will be as follows:

From GUI:

Web security manager > Bypass setting > Edit Proxy Bypass

Enter the test client ip or the web site:

(examples: example.com, crm.example.com, 10.0.0.1, 10.0.0.0/24)

Submit and test it..

To view this activity, tail bypass logs from the CLI.

Please let me know if you have ANY other questions,

Regards,

Zack

On 6/7/12 2:51 AM, "bcclarin13"

Internet connection is lost

Hi Zack,

Is this the procedure to totally bypass the ironport? i just want all traffic to be passed through.

Thanks,

Bryan

Re: Internet connection is lost

Yes, traffic in the bypass list doesn't get sent to the WSA. The bypass list is passed from the WSA to the device that's doing the WCCP redirection as a "don't send me stuff to or from these addresses, you deal with it"...

Sent from Cisco Technical Support iPad App

Internet connection is lost

Hi,

can someone tell me if my switch is redirecting traffic to my ironport with the below wccp verifications:

CORE-SWITCH-IT#sh ip wccp web-cache detail

WCCP Client information:

        WCCP Client ID:          172.24.85.3

        Protocol Version:        2.0

        State:                   Usable

        Redirection:             L2

        Packet Return:           L2

        Packets Redirected:    1503

        Connect Time:          08:04:25

        Assignment:            MASK

        Mask  SrcAddr    DstAddr    SrcPort DstPort

        ----  -------    -------    ------- -------

        0000: 0x00000526 0x00000000 0x0000  0x0000

        Value SrcAddr    DstAddr    SrcPort DstPort CE-IP

        ----- -------    -------    ------- ------- -----

        0000: 0x00000000 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0001: 0x00000002 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0002: 0x00000004 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0003: 0x00000006 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0004: 0x00000020 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0005: 0x00000022 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0006: 0x00000024 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0007: 0x00000026 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0008: 0x00000100 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0009: 0x00000102 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0010: 0x00000104 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0011: 0x00000106 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0012: 0x00000120 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0013: 0x00000122 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0014: 0x00000124 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0015: 0x00000126 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0016: 0x00000400 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0017: 0x00000402 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0018: 0x00000404 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0019: 0x00000406 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0020: 0x00000420 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0021: 0x00000422 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0022: 0x00000424 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0023: 0x00000426 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0024: 0x00000500 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0025: 0x00000502 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0026: 0x00000504 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0027: 0x00000506 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0028: 0x00000520 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0029: 0x00000522 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0030: 0x00000524 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

        0031: 0x00000526 0x00000000 0x0000  0x0000  0xAC185503 (172.24.85.3)

CORE-SWITCH-IT#

CORE-SWITCH-IT#sh ip wccp web-cache       

Global WCCP information:

    Router information:

        Router Identifier:                   172.24.94.10

        Protocol Version:                    2.0

    Service Identifier: web-cache

        Number of Service Group Clients:     1

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        2146

          Process:                           0

          CEF:                               2146

        Redirect access-list:                Ironport-Redirection

        Total Packets Denied Redirect:       15147646

        Total Packets Unassigned:            1295

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

CORE-SWITCH-IT#

CORE-SWITCH-IT#sh ip wccp web-cache view

    WCCP Routers Informed of:

        172.24.94.10

    WCCP Clients Visible:

        172.24.85.3

    WCCP Clients NOT Visible:

        -none-

CORE-SWITCH-IT#

Thanks,

Bryan

Cisco Employee

Internet connection is lost

Hi Bryan,

it doesn't look like its redirecting, but WCCPv2 seems to be established. Would you mind to share your access-list

"Ironport-Redirection" ? It looks like most of the traffic is hitting to bypass.

-Stephan

Internet connection is lost

Hi Stephen,

Please see below access list and the sample vlan that are being redirected to the ironport:

Extended IP access list Ironport-Redirection

    10 deny ip host 172.24.85.2 any

    20 deny ip host 172.24.85.3 any

    30 permit ip 10.1.67.0 0.0.0.255 172.24.97.0 0.0.0.255

    40 permit ip 172.24.97.0 0.0.0.255 10.1.67.0 0.0.0.255

    50 deny ip any 172.24.0.0 0.0.255.255 (24386576 matches)

    60 permit ip any any (3559 matches)

interface Vlan103

description Others(Web_Server_Corporate)

ip address 172.24.97.33 255.255.255.248

no ip redirects

ip wccp web-cache redirect in

!        

interface Vlan150

description LAN(SMPC,CallCenter,&WLAN_Users)

ip address 172.24.100.1 255.255.254.0

ip helper-address 172.24.96.5

no ip redirects

ip wccp web-cache redirect in

!        

interface Vlan151

description LAN(WLAN_Users_Guest)

ip address 172.24.102.1 255.255.254.0

ip helper-address 172.24.96.5

ip wccp web-cache redirect in

!        

By the way how did you know that my traffic is hitting to bypass, please kindly explain to me. Actually I have the hunch at first that it is hitting the bypass.

Thanks,

Bryan

Cisco Employee

Internet connection is lost

Hi Bryan,

to answer your question first, the counter for denied redirected traffic is pretty high which usual means that it got "bypassed. But some packets are redirected. Best is to check quick the WSA accesslogs (aclogs.current) to see what traffic actually did arrive on the WSA. If it is "empty" or doesn't show any new request.

Cisco Employee

Re: Internet connection is lost

Hi Bryan

Looking at the output from the switch it shows, switch indeed is sending the

traffic over to cache engine i.e. 172.24.85.3. I am also enclosing the WCCP

step by step T/S document here for your reference.

Please feel free to browse/review and let me know if you have ANY specific

questions,

Regards,

Zack

On 6/8/12 3:50 AM, "bcclarin13"

693
Views
0
Helpful
8
Replies