Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

WSA & CAT6500 WCCP GRE Tunnel

Hello everyone

First time writing in the support community. So exiting!!!!

I am trying to have a transparent WSA (7.5) with a CAT6509 SXF7 WCCP. between them there is a Firewall/router. so I built the WCCP with GRE/L3.

so far so good. WCCP GRE tunnel is there.

However cannot surf the internet.

After much troubleshooting (wireshark mainly) I believe I know where the problem is.

Client want to surf the Internet (http)

Client sends a SYN request to the IP of the website (after resolving DNS)

CAT6500 tunnels the request with GRE to WSA

WSA receives request and sends to SYN packet to the webpage.

Webpage sends a SYN ACK to WSA  (no spoofing)

PROBLEM: WSA then sends the SYN ACK without GRE to client with in turn does not go through the FW

Client does not receive SYN ACK, sends another SYN and then another until he gives up.

Question: How can I force the WSA to return traffic through the GRE tunnel.

I already chose return method as "alloow GRE only" under WCCPv2 Service

So look forward to receive some help

Everyone's tags (3)
CreatePlease to create content