I am getting the following message while trying to configure WCCP redirection on my 7200 router.
I have added this router to the routerlist of the WAE edge device. Ping is successful, but the following problem prevails.
NASCM-MPLS#show ip wccp
Global WCCP information:
Router information:
[Code]....
I’m currently trying to work out what router we need to do WCCP redirections to some WAN optimizers. We plan that there will 100-200Mbps worth of traffic that needs to be redirected.
We currently have a 7200 with NPE-G2 which already runs at 30% cpu without WCCP redirection. (From shaping and QoS.)
I’m worried that this will not be powerful enough for the redirections.
We would like to upgrade, but I want to do some research beforehand.I have looked everywhere and I cannot find any WCCP performance figures for the devices below.
-7200 with NPE-G2 -ASR1000 -3800 -3750 -6500 I am aware that the catalyst and the ASR can do the redirecting in hardware, so these means there is no real CPU hit until we exhaust the TCM? We plan to use in bound redirection and the redirect ACL is only 20 lines.
I've been looking around Cisco's website but I can't find an answer to this -- If the 2900 platform suppots WCCP redirection using GRE?
View 1 Replies View RelatedMy problem is, it doesn’t seem like packets are making it to the linux/squid caching device, based on cache logs. Workstations that are being redirected in the router have no web browser access (they can ping 8.8.8.8 and google.com)
I have a linux box running squid successfully, which supports GRE WCCP. For the sake of argument, I will say that I am confident I have successfully configured that machine.
What’s really strange is this morning I came in and hind sight my test workstation looked like it may had restarted from an update. (maybe had internet access). The first thing I did was tweak the cisco config, as I was reading last night and saw:
“Be warned that if you are using NAT you MUST use the inbound interface otherwise the router only sees the NATted IP address as the source of your clients. This is bad, because the router is also therefore unable to see your cache engine and it will redirect the cache engine requests back upon itself.”
So I turned <ip cef> on and removed the <ip wccp web-cache redirect out> (I had in fa0/1 and out fa0/0 on overnight).
Then I proceeded to check the workstation and saw it had network access, I tested to see if it was in fact filtered by the proxy, and it was! (verified by cache logs aswell)
After some further successful testing, I made sure I saved any unsaved configuration changes, I rebooted the linux box and the router. Sadly the outcome was not good, I am back to where I was last night.
My router does routing/NAT and has two interfaces and is currently not running CEF
ip wccp web-cache redirect-list SQUID_PROXY
!
interface FastEthernet0/0
description WAN
ip address 1.2.3.4 255.255.255.248
ip nat outside
ip virtual-reassembly max-reassemblies 64
speed 100
full-duplex(code)
Currently using WCCP with squid for content filtering. One of our sites we connect to needs to see the connection coming from our public IP address, not the proxy server IP. I've created a acl in squid for direct lookup, but the website gets angry with the X-Forwarder-Header squid attaches to each packet. Is there a way in a cisco ASA 5505 to bypass wccp for a specific public ip address or url?
View 4 Replies View Relatedif a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
seems like the priority value would come into play determining which service group gets handled first?
we currently do WCCP for WaaS on our 3945s.
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
OSPF-4-ERRRCV: Received invalid packet: Bad LLS Checksum with one of our tunnels
View 1 Replies View RelatedMy company has a spare 7200 VXR, originally planned to be placed on our TDM network. This plan was not followed through, but I'd like to switch it's function to work as a core router on our BGP network. I'd like for this 7200 to be able to handle full routes from our eBGP peer, something the SUP module in my 6500 isn't capable of doing. What kind of SUP module should i look at replacing this 7200 VXR with?
View 5 Replies View Relatedhow many GRE tunnels (without IPSEC) can 7206 router supported. I have low bandwidth 2000 links & i want to configure GRE tunnels for them.
View 1 Replies View RelatedI have 7200 Router some flows are not forwarded and when i check ""show ip cache flow"" output i found the destination interface is going to Null i checked the access-list it permits these flows.
View 3 Replies View RelatedOne of my customer is looking for 1 port OC3 card for 7200 series router. There are two options (PA-POS-2OC3/PA-A6-OC3)However my customer is not sure whether he wants a ATM/POS card.
How to determine whether i should go for ATM or POS Card for OC3. Or atleast what should be my approach to determine whether i should go for ATM or POS Card for OC3.
I have on 7200 series router with NPE-G1 module which is facing high CPU utilization. I have not found any particular process causing this high CPU utilization as it is caused due to interrupts. I have already enabled fast switching by "ip cef" command. Please suggest how to normalize the utilization as it is impacting the network and causing slowness. Please find below the output of show process cpu and also find attached the show tech of the device. Also let me know if any other output is required.
[CODE]...
We are running ISP and now a days we have many spam in our network, we want block the SMTP port 25 block on Cisco router 7200. So we can block the spam in our network.
View 3 Replies View RelatedI am having some issues with creating an ACL for my gateway router.I want to block external access to my network 192.168.1.0/24 from internet so i set up the ACL on the WAN port of my 7200 router asI am using named extened access list -
{
deny ip any 192.168.1.0 0.0.0.255 log
permit ip any any
}
and i applied this inbound accesslist on the WAN port of router as
"ip access-group acl-in in"
Now i have blocked the external traffic to my network 192.168.1.0/24 but the issue i am having is i am also unable to reach outside now. All i want is to block external traffic on the router WAN port but allow internal traffic to outside. Did i miss anything in the access list?
I am experiecing issues with HSRP.I have two 7200 core routers connected via one portchannel layer 2 and i set up the HSRP.The switch 01 is the master and 02 is the bkp.the problem is, the bkp router can´t see the master and there are a lot of loggs with active-speak and can´t see the master. the configuration are ok, i just check and recheck but there are no mistakes. [code] the configurations are ok, but the router can´t see each other, just in the vlan 500 the other vlans are ok.
View 7 Replies View RelatedI am facing a problem when configuring the ipsec vpn on my 7200 router. [code]
View 5 Replies View RelatedI have a CAB-OCT-V35-FC cable in my Cisco 7200 router and not all of them are utilized. I have to connect another site with a point to point leased line and I am planning to use one of the ports in my Cisco 7200 router which is using the CAB-OCT-V35-FC cable. My problem is both the cable end and the modem is V.35 female connector and both are DCE. I need to build a crossover cable of V.35 male to male which will connect the Cisco 7200 router and the modem.
View 2 Replies View Related7200 VXR router got rebooted after due software crash dump.I have replaced NPE-G1 but still router is rebooting. Currently I am running with 12.4 (15)T 13 IOS.Crash Dump file is attached.
View 4 Replies View RelatedHow do I upgrade the boot rom version on the 7200 router? I am running IOS Version 12.4(22)T and when I plug in the serial ds3 card in my router it keeps rebooting with a watch dog error ( see below). Also, what version should I upgrade to?
Router#sh verCisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1)Technical Support: [URL] Copyright (c) 1986-2008 by Cisco Systems, Inc.Compiled Fri 10-Oct-08 10:10 by prod_rel_team
ROM: System Bootstrap, Version 12.2(4r)B, RELEASE SOFTWARE (fc1)BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(13)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Router uptime is 0 minutesSystem returned to ROM by power-onSystem image file is "sup-slot0:/c7200-spservicesk9-mz.124-22.T.bin"
[code]....
why my router will not synchronize with an NTP server located an off-site facility; the NTP server is located at the Naval Observatory. I have a Cisco 7200 VXR IOS 12.4 The clock and calendar both are set correctly.
View 2 Replies View RelatedI have a E4200 router, and I had previously plugged in a small external hard drive just to test the functionality. The router seemed to recognize the storage, and the computers on the network could see it as a shared drive. Now I have plugged in a Seagate 7200 internal hard drive inside a Rocketfish enclosure, but the router is not recognizing anything. I just upgraded the firmware to 1.0.04, but there was no change. Are there problems using an enclosure rather than just plugging in an external hard drive?
View 1 Replies View RelatedSo Im trying to learn a little bit more about WCCP so I thought I'd load up a centos VM and just install squid on it. With the base config running I can setup an explicit proxy by configuring my IE session to use the squid IP on port 3128. Proxy works fine and I see entries in the access log on the centos box. Now, since Im only running squid on the box Im going to change the listening port to 80 so I can transparent proxy with WCCP on my ASA. So I set the WCCP2 config on squid as shown.
View 10 Replies View RelatedWe have 881 routers and are planning on testing out some WAN optimizing hardware, we're told that our router needs to support PBR and WCCP protocols. Will this router handle it?
View 3 Replies View Relatedif the Cisco Switches in my enviorment can support WCCP?
View 1 Replies View RelatedI need to roll out a Bluecoat as a WCCP for a ASA 5520.
View 3 Replies View RelatedI'm using a Cisco AG3560 to run my wccp re-direct and have a McAfee for my web gateway. My IP for the web gateway is 10.1.252.19, and my wccp router is 10.1.3.10. For whatever reason the web gateway is able to see the router and the "here i am packets" but I cannot get anything to redirect to it. My wccp config is below.
ip wccp 51 redirect-list 120
!
interface Loopback0
ip address 10.1.254.17 255.255.255.255
[code]...
I have the Web Gatewy setup with process 51 and my router on the WG is 10.1.252.10.
I currently have WCCP redirection setup on my ASA 5520 to redirect to an ironport on ip address 10.11.1.10. The ASA inside ip is 10.11.1.1 and the ironport is setup for transparent redirection to that IP. This all works well and the Service Identifier i'm using for WCCP is 95.I am now creating another WCCP group because on my ironport I have 4 interfaces so I wanted to use them for our admin network. So I created an ACL on the ASA for our admin traffic and I want to redirect that using Service Identifier 94 to the ip on the ironport of 10.11.1.22. But I can't get traffic to redirect.
View 1 Replies View RelatedI am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out
ip wccp web-cache group-list IRONPORT-GROUPLIST
ip wccp source-interface GigabitEthernet2/24
!
Interface Vlan160
[Code].....
When the following was issued:
ip wccp 0 redirect-list wccp_acl group-list 10 password 0 ourpassword
Received this error:
MDT: %COMMON_FIB-3-FIBIDBINCONS2: An internal software error occurred. WCCP:0 linked to wrong idb Loopback0 (xyz node name)
When the following was issued 10 minutes later:
ip wccp 70 redirect-list wccp_acl group-list 10 password 0 ourpassword
No error msg (but now wccp was active)WCCP appears to be working but we are ** having problems connecting ** with our websense (7.6) box via GRE.Websense is connected to the 6509 which is connected this 3750 switch.
I have the following topology, WCCP is configurated on ASA, inside interface, lan users and websense machine are located on the same VLAN of my catalyst 3750G?I want to filter traffic on port 80 (www) to the users on the LAN side debug on the ASA show me that comunication between that device and Websense is OK, there is Here_I_Am and I_See_You packets
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015B
WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015B
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015C
WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015C
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015D
From show WCCP i saw that WCCP engine and ASA were detected
FW# sh wccp
Global WCCP information:
Router information:
Router Identifier: 200.X.X.X
Protocol Version: 2.0
[code]....
I have created a VPN site to site tunnel between Pix and Router. I have pix in my control but router is under Client control. I have done everthing I need to do but I am getting errors.
When I run sh isakmp sa , I get .
Total : 1
Embryonic : 0
dst src state pending created
x.x.x.x x.x.x.x QM_IDLE 0 0
When I run sh ipsec sa , I get...
local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (x.x.x.x/255.255.255.255/0/0)
current_peer: x.x.x.x:0
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
[code].....
I'm testing WCCP in a lab environment (Another checkbox on my way to CCIE).The setup- a WS-C3560-8PC switch running IOS 15.0(1), IP Services with crypto.- Two client computers connected by wire to the switch, running Windows 7.- A virtual machine in bridged mode running on one of the machines, running OpenBSD 5.0 with Squid 2.7 installed and running.- Everything in the same subnet: 192.168.163.0/24, the OpenBSD is at .5, the switch at .3 and functions as the default-gateway for the computers with no ICMP redirects (the real gateway is at .1 but the switch forwards everything).Squid seems to work, albeit inefficient, but that's not the issue.illing in the IP of the OpenBSD in the browser as proxy with the proper port works.Since the 3560 does only support WCCP over layer 2 adjacencies and masks, not hash buckets, I've configured these options on both the Squid and the 3560.
View 19 Replies View RelatedI'm setting up a config to have WCCP with Blue Coat WAN Optimizer. I have following sinple setup at the moment. Cisco 6500 <----> Firewall. How should my topology should be. Should I have whe WAN-Optimizer in between (in path of switch and firewall on the same VLAN) or have different vlan hanging off the 6500 and have WCCP redirect traffic?
View 2 Replies View Related