I have been looking for information relating to the configuration of WCCP in relation to standard client-side NAT of private addresses. NAT order of operations gives some indication of how it works, but I am wondering if there are any recommended guidelines to ensure NAT and WCCP function correctly, with the desired outcome being that both non-NAT and NATed traffic is accelerated.
I have attached a diagram for reference.
In Scenario 1:
Redirection is WCCP GRE/IP Forwarding,
The WAE is on its own subnet.
A redirection list only redirects traffic between the DC and the BO public range (including NAT global) on the WAN interface (in and out).
Internal public non-NAT'ed traffic shows up in the connection statistics as optimized, but the NAT global addresses show up on the DC WAE as "PT no Peer".
In Scenario 2:
Redirection out of the WAN interface is moved to (in) the LAN interface of the router, and the redirect ACL is expanded to include ANY-DC, DC-ANY (including the private 172.x.x.x/xx range).
This breaks NAT. I assume because WCCP occurs before NAT (inside-outside).
From the information I have found I guess:
1. Redirection should be outbound in one direction (WAN interface) if IP CEF is enabled?
2. The WAE interface should be in NAT inside and the redirect ACL include the private inside range?
I was trying to look for an answer to your question and this is the best I found to help you address your issue. I am not sure whether this will resolve your problem, but defining the proper order of IOS commands will certainly help here.
For general reference, the usual Cisco IOS Software order of operation on software-based platforms is noted below:
Inside to outside:
1. decryption
2. input ACL
3. inspect
4. routing
5. WCCP
6. Network Address Translation (NAT) inside to outside
7. crypto (check map and mark for encryption)
8. output ACL
9. inspect

Outside to inside:
1. decryption
2. input ACL
3. inspect
4. NAT outside to inside
5. WCCP
6. routing
7. crypto (check map and mark for encryption)
8. output ACL
9. inspect
If you follow the NAT'ing rule above, it should work with NAT.
PS: If this addresses the issue, please mark it as Answered.
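
The order of operations listed in the reply above, modelled as a short Python sketch to show which addresses a WCCP redirect list is compared against in each direction. This is an added example, not part of the original posts; the addresses, the function names and the simplification that WCCP is evaluated exactly at the listed step are assumptions, and it has not been verified on a router.

```python
import ipaddress

# Order of operations as listed in the reply (software-based IOS platforms).
INSIDE_TO_OUTSIDE = ["decryption", "input ACL", "inspect", "routing", "WCCP",
                     "NAT", "crypto", "output ACL", "inspect"]
OUTSIDE_TO_INSIDE = ["decryption", "input ACL", "inspect", "NAT", "WCCP",
                     "routing", "crypto", "output ACL", "inspect"]

# Constructed sample addressing (assumptions, not taken from the thread).
INSIDE_LOCAL = ipaddress.ip_address("172.16.10.25")   # private branch host
INSIDE_GLOBAL = ipaddress.ip_address("203.0.113.10")  # its NAT global address
DC_SERVER = ipaddress.ip_address("198.51.100.20")     # data-centre server


def wccp_view(direction):
    """Return the (src, dst) pair present when the WCCP step is reached."""
    if direction == "in2out":
        steps, pkt = INSIDE_TO_OUTSIDE, {"src": INSIDE_LOCAL, "dst": DC_SERVER}
    else:
        steps, pkt = OUTSIDE_TO_INSIDE, {"src": DC_SERVER, "dst": INSIDE_GLOBAL}
    for step in steps:
        if step == "WCCP":
            return pkt["src"], pkt["dst"]
        if step == "NAT":
            # Translate the branch-side address in the direction of travel.
            if direction == "in2out":
                pkt["src"] = INSIDE_GLOBAL
            else:
                pkt["dst"] = INSIDE_LOCAL
    raise ValueError("WCCP step missing from order of operations")


def acl_matches(branch_networks, direction):
    """True if a redirect list covering branch_networks matches at the WCCP step."""
    src, dst = wccp_view(direction)
    branch_side = src if direction == "in2out" else dst
    return any(branch_side in ipaddress.ip_network(n) for n in branch_networks)


def redirect_coverage(branch_networks):
    """Match result per direction for a redirect list built on branch_networks."""
    return {d: acl_matches(branch_networks, d) for d in ("in2out", "out2in")}


if __name__ == "__main__":
    print("global-only list :", redirect_coverage(["203.0.113.0/24"]))
    print("private list     :", redirect_coverage(["172.16.0.0/12"]))
```

Under this model the WCCP step sees the inside local (private) address in both directions, so a redirect list written only against the NAT global range matches neither direction of a NATed flow.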
I had looked at the NAT order of operation, which does give some indication of how the config should be. If WCCP occurs before NAT, then configuring redirection on the LAN side interface and configuring the WAE interface as NAT inside may work. I will test further, but thanks.