Cisco Switching/Routing :: 6500 - Acl Object Group With Wccp Redirect List
Dec 31, 2012Can i use acl object group with wccp redirect list?My platforms are 6500 and isr 2921
View 1 Replies
ADVERTISEMENT
Cisco Switching/Routing :: WCCP V2 - Unable To Redirect The HTTPS Traffic?
Jun 3, 2013I am unable to redirect the HTTPS traffic on my cisco router with WCCP V2
View 2 Replies View RelatedCisco Switching/Routing :: Can't Execute (ip Wccp Redirect Out) On 3750 Switch
Mar 13, 2012Today, my customer have 1 project that have to deploy Cisco 3750 to redirect wccpv2 to Websense Security Gateway.However, i can't excute "ip wccp redirect out" on Cisco Catalyst 3750.
View 5 Replies View RelatedCisco Switching/Routing :: Cat4500 With IOS-XE And Object Group ACLs
Feb 5, 2013Any one know when object-group ACLs will be supported in cat4500 IOS-XE ?? Doesnt seem to be supported now.
View 1 Replies View RelatedCisco Switching/Routing :: 2911 - How To Create Object-group With ACL
Jan 2, 2012In cisco router 2911 how to creat a network object with port permission on ACL. herz what i have done but couldnt succeed in port 22 and 24 should be denied and rest all port services are allowed to outside interface. [code]
View 3 Replies View RelatedCisco Switching/Routing :: Object Group In C3560 & C3750 Switches?
Feb 16, 2011I have two layer 3 switches C3560 and C3750 Cisco switches with ios version "ipservices-mz.122-35.SE5".Now with the current ios version, these layer 3 switches are not supporting object group.so my question is , do i need to upgrade the ios, for this feature, if yes, which version ?
View 7 Replies View RelatedCisco Switching/Routing :: WCCP On 6500 With Squid Proxy
May 19, 2012I have been tasked to setup a Transparent Squid proxy and do redirection on a Cisco 6513 Switch.I don't have access to the SQUID but think that my config below should be OK. We have setup a TEST user Vlan 13 . Any traffic from this destined for the we on 80 or 443 should be redirected. Vlan 10 is where the Squid proxy is sitting. [code]
View 3 Replies View RelatedCisco Firewall :: 5520 - Object-group With Network-object Containing IP Address Range
Apr 7, 2013Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
object-group network test
network-object 192.168.0.0 192.168.63.255
?
network-object-group mode commands/options:
A.B.C.D Enter an IPv4 network mask
sh run ob id test
object-group network test
network-object 192.168.0.0 192.168.63.255
I found that in the documentation it requires a netmask as oppose to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range it looks like the ASA doesn't read that configuration properly.
Cisco Security :: ASA 5510 Object-group And Range Option
Feb 6, 2013I have 3 ASA 5510s; two of which are in production and the 3rd one is new. I inherited the two in production and was trying to configure that 3rd one using some of the existing object-group network statements. The problem is that when I try to create a range of IPs in one of the object-groups; the range command is not available. Here is one of the statements extracted from one of the production ASAs: object network REMOTE range 62.77.130.14 62.77.130.208.Both ASAs have the same image ver (asa842-k8). Is there something that I am missing to be able to enable the range option on the new ASA?
View 2 Replies View RelatedCisco Firewall :: Object Group Network Limit With Asa 5510
Oct 29, 2012We have Cisco ASA 5510, I am about to add another 2 Objectgroup network groups on the firewall to our already growing list. Under this Object-group Network xxxx , we are planning to add about about 500 network-object host xxx.xxx.xxx.xxx . This objectgroup will then be applied to an ACL. Just wanted to know if thats possible - meaning addnig 500 hosts? If it is whats the limit?
Also are there any other things to keep in mind before i go-ahead with this huge object group?
Cisco Firewall :: Access List Object Name Substitution ISR871 And ASA5520
May 10, 2011I am troubleshooting a s2s vpn between an ISR871 and my ASA5520 and I suspect a problem with my crypto-maps.
Is there a way I can display an access-list on the ASA and have the object names substituted with their IP addresses?
Cisco Application :: 3945 - WCCP Redirection For WAAS On Same Platform Using Different Service Group?
Nov 9, 2011if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
seems like the priority value would come into play determining which service group gets handled first?
we currently do WCCP for WaaS on our 3945s.
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
Cisco Firewall :: Internet Access Through ASA 5540 For Specific Network Object Group
May 2, 2011I have a 5540, and i am trying to allow access to internet for an specific network object group, who has inside a bunch of users, who needs direct internet access without any restrictions, i have tried with dynamic NAT, but that configuration ask for a specific IP o a Network range, and is not permitted to configure an object group as a source
The group is located in LAN zone, so a permission from one zone to another zone is needed i think, but i can allow the internet acess to that group Is there another way to get that , different from NAT ?
Cisco WAN :: 6500 / Setting Up Config To Have WCCP With Optimizer?
May 28, 2012I'm setting up a config to have WCCP with Blue Coat WAN Optimizer. I have following sinple setup at the moment. Cisco 6500 <----> Firewall. How should my topology should be. Should I have whe WAN-Optimizer in between (in path of switch and firewall on the same VLAN) or have different vlan hanging off the 6500 and have WCCP redirect traffic?
View 2 Replies View RelatedCisco Firewall :: WCCP Support On FWSM Running 6500
Mar 10, 2011What the support for WCCP on a FWSM running 4.0(7) is like, if there is any at all ?
I've read that the earliest PIX release that supports WCCP was 7.2(1) but I'm not sure how FWSM 4.0(7) aligns with the PIX versions.The only doc's i can find refrencing WCCP on a 6500 with FWSM is in the 6500 12.2 IOS guide.
Cisco Switching/Routing :: WCCP On 6509 Connection
Apr 5, 2012Is there a way to use 2 redirects inbound on vlan 1?
int vlan 1
ip wccp 80 redirect in
ip wccp 81 redirect in
The reason for this is because we need the return traffic from the firewall to come in on group 81 and the source subnet will go out group 80.
Cisco Switching/Routing :: 3750 12.2(46) WCCP Stack
Nov 21, 2011I'm setting up a web cache using the wccp protocol on a Catalyst 3750 stack.
Probably missing something real simple here but when I from the global configuration mode are trying to enter the ip wccp command it just says "invalid input" from wccp. There is no such command.. should be supported on my device from IOS 12.2(37)
Cisco Switching/Routing :: 6509 - WCCP For HTTPS
Feb 27, 2012I am trying to enable wccp on 6509. Its works fine on port 80 but not with https (443). Also i have noticed when i use the following
ip wccp web-cache redirect in similarly adding to interface HTTP works. but when i use the service no 0 instead of web-cache even the HTTP stops working. wccp v2 is enabled in the switch. Both the source & the Squid server are in same V LAN.
Cisco Switching/Routing :: 3560 With WCCP Not Working Correctly
Jun 17, 2012I am trying to configure a 3560 (Version 12.2(55)SE3) with IPServices to run WCCP to two to an Ironport WSA.
I believe everything is setup correctly, however WCCP is still not operational. I have check the debug logs on the switch and I'm presented with a number of messages along the lines of...
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
[Code]....
Cisco Switching/Routing :: WCCP And High CPU Utilization On 2851
Jan 23, 2010I have a Head Quarter and a remote site running over a OC3 circuit. [code]
On the HQ, I have a Cisco VXR7204 running IOS 12.4.15T(10) Advanced IP Serviceand the remote site is a Cisco 2851 also running IOS 12.4.15T(10) Advanced Ip Service. The HQ has a Riverbed Steelhead 5050H capable of delivering 100MbpsWCCP throughput. The remote site has a Riverbed Steelhead 1050H which can deliver 10Mbps WCCP throughput. At the HQ, the LAN network is 192.168.251.0/24.The Steelhead residing on the 192.168.251.0 network.At the remote site, the LAN network is 192.168.103.0/24 and 192.168.211.0/24.The Riverbed resides on the 192.168.103.0/24 network.
When a host on network 192.168.211.0/24 download a file from network192.168.251.0/24 network via http, the CPU on the Cisco 2851 goes to 99% utilization and that it stays there for the duration of the http session. There is very little traffic goes across the WAN whichis the way it should be but the CPU on the 2851 stays at constant at99% CPU utilization.
Why would WCCP consume so much CPU on the Cisco 2851? By the way, I am only getting about 5Mbps download instead of 90Mbps download, I think because of the high CPU on the router?
Cisco Switching/Routing :: WCCP Configuration On Catalyst 3750G?
Jul 5, 2010I have a WCCP Configuration on a Catalyst 3750G and a IronPort Webappliance. I have configured this situation many times before with cisco asa and ironport wsa, but with a switch, this is my first time.
VLAN 147 is a transportation vlan between the cisco switch and a hp coreswitch with the clients and servers behind the hp coreswitch.
VLAN 147 IP Address of the Catalyst is 172.30.47.1
IP of the IronPort Appliance is 172.30.47.10
IP of the HP Coreswitch is 172.30.47.2
Plan is to redirect the webtraffic coming from clients and servers from the 10.0.0.0/8 net behind the hp switch to the ironport wsa. In have configured these settings.
ip wccp web-cache group-list 15 password 7 091D1C5Aip wccp 80 redirect-list 16 group-list 15 password 7 14464058
interface GigabitEthernet1/0/22 description IRONPORT P1 BUWOG switchport access vlan 147 switchport mode access
interface Vlan115 ip address 172.30.15.2 255.255.255.0 standby 10 ip 172.30.15.1 standby 10 priority 90 standby 10 preempt standby 10 track Vlan115!interface Vlan147 ip address 172.30.47.1 255.255.255.0 ip wccp web-cache redirect in ip wccp 80 redirect in
[code]....
Cisco Firewall :: ASA 5510 / Ip Service Object And Service Group
May 16, 2011When I create a service object or group and add the object to a new rule it never works.I mean the traffic match not the rule. I see not hits.I placed the rule on top of my access list to check if I do somethink wrong but it is not working. When I place only a service for example tcp/23 it is working.
my ip service object
object-group service g-as400 description access client 2 as400 machine service-object tcp-udp destination eq 397 service-object tcp destination eq 137 service-object tcp destination eq 2001 service-object tcp destination eq 3000 service-object tcp destination eq 445 service-object tcp destination range 446 447 service-object tcp destination eq 449 service-object tcp destination eq 5010 service-object tcp destination eq 5544 service-object tcp destination eq 5555 service-object tcp destination range 8470 8476 service-object tcp destination eq 8480 service-object tcp destination eq
[code]...
Cisco WAN :: Does 6500 Not Have Hardware Redirect / Rewrite Capability
Jan 31, 2011I am configuring a WAE-7341 for standalone content engine ACNS used for webcaching only.When I enable the l2-redirect and l2-return on the WAE I get high CPU on my Cisco 6504-E with WS-SUP32-GE-3B - WS-F6K-PFC3B. The 6500 shows the wccp status as L2 for redirection and return and webcache works but this CPU spikes to 70%. [code] I don't see which process is causing this but if I remove WCCP from the interface, it drops to 1% so I know for a fact that WCCP is causing this.
If I remove the l2-redirect and l2-return on the WAE, WCCP on the 6500 registers GRE for redirection and return on the 6500 and CPU drops to 5%.If I enable the "wccp webcache accelerated" option on the 6500, I cannot get WCCP up with or without the l2-return and l2-redirect options on the WAE, it displays: [code] does this 6500 not have the hardware redirect/rewrite capability? My WAE is directly connected to the 6500 WS-X6548-GE-TX blade on the same vlan that I am doing a wccp redirect on.
Cisco Switching/Routing :: 3750 - Cannot Enable PBR On A VLAN WCCP Enabled
Jan 3, 2012I would like to apply a policy-based route on one of our L3 switches (Cisco 3750) to change the next-hop of a couple of servers only. The VLAN where those servers reside got WCCP enabled on it. When I want to apply the route-policy to that VLAN interface it doesn't let me. When I try to apply the same policy to a VLAN interface without WCCP it does work. Is there any Cisco IOS limitations that would prevent me from doing that?
Configuration:
route policy config:
access-list 70 permit ip host x.x.x.x (server IP)
route-map PBR1 permit 10
[Code].....
Cisco Switching/Routing :: Object-groups In Access-lists On 3750X?
May 29, 2013I have started to use ip extended access-lists on several 3750X-switches to filter inbound and outbond traffic on the VLANs. But it seems that the use of object-groups is not supported, is this correct? Is it really no way to group different ip-addresses into groups and then use these groups in the access-lists?
I am running sw version 15.0(1)SE2.
Cisco Switching/Routing :: Upgrade 6500 Non Modular IOS To Normal 6500?
Dec 21, 2011how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View RelatedCisco Switching/Routing :: WCCP Settings In Catalyst 3750X And Barracuda Web Filter
May 12, 2013 configuration of a Catalyst 3750X and Barracuda Web Filter using WCCP protocol.
We used various WCCP protocol settings, unable set to redirect traffic to the Web Filter.
This is the current configuration of 3750X:
ip routing
ip wccp 94 redirect-list 194 group-list 50
ip wccp 95 redirect-list 195 group-list 50
[Code]......
Cisco Switching/Routing :: 7206VXR - WCCP Redirection Of Non-directly Connected Subnets
Jul 18, 2012I have a Cisco 7206VXR running 12.4(24)T3 IOS. It is configured with WCCPv2 using L2 mask redirection. I am using service groups and associated extended ACLs to select which subnets I want to redirect port 80 traffic from.
It is working fine for the subnet 192.168.1.0/24....
int gi0/2
ip wccp 10 redirect in
ip address 192.168.1.99 255.255.255.0
... however, there is OSPF running between the router and a Mikrotik device directly connected to this interface. The gateway addresses for all the client subnets are on the Mikrotik. Traffic from other subnets, e.g. 192.168.2.0/24, 192.168.3.0/24 come in on this interface and I want to redirect those too. But it appears that the redirection doesn't work for those subnets (I don't see any hits on the relevant ACL for any subnet except 192.168.1.0/24).
It seems like the router only wants to redirect traffic for subnets that it has an IP address in itself. Admittedly, all of the example configs i've found on cisco.com are for redirecting traffic from directly connected subnets but I can't find anything that denies thie possibility of redirecting any traffic that comes in on a given interface.
The question is, is this how WCCPv2 redirection works? i.e., the router must have an IP address in the subnet to be redirected?
Cisco Switching/Routing :: Will Vrrp Object Tracking Work On 1721 Router
Feb 20, 2013I am using a bunch of Cisco 1721 routers for my T1 lines. We recently purchased Digi cell modems as a backup for the T1. On configuring vrrp to work on both devices I discovered that IOS 12.3(6c) does not support the "vrrp track" feature. After reviewing the Cisco Feature Navigator I could not see an IOS that will support the vrrp object tracking. Is that correct? The routers have T1 WIC's installed. If it does work what is the latest IOS that will work on this end of life product?
View 1 Replies View RelatedCisco Switching/Routing :: 6509 Use Policy Based Routing To Redirect Http Traffic
May 29, 2012We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies View RelatedCisco VPN :: ACS 5.X - How To Assign Connection Profile Without Using Group Drop-down List
Mar 8, 2013i've configured 4 connection profiles (IT,HR,Admon,VIP) on the asa everything works well, but our boss wants to know if it's possible to assign the right connection profile without using group drop-down list, what he wants is to use a unique connection profile (non-default) and via radius attributes using ACS 5.X to assing the right profile.
View 6 Replies View RelatedCisco VPN :: ASA5510 - AnyConnect Client Profile / Group-URL In Server-List With OGS?
Dec 2, 2012Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 7.0(2)
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
#show webvpn anyconnect
1.disk0:/anyconnect-win-3.1.00495-k9.pkg 1 dyn-regex=/Windows NT/
CISCO STC win2k+
3,1,00495
Hostscan Version 3.1.00495
Profile in atthach-file. After this profile is uploaded to client Optimal Gateway Selection doesn't work propertly: When 'vpn1.mydomain.com/mygroup' (it best TTL server) is unreachable, then OGS try to be connected to other servers, but without group-url, for example 'vpn2.mydomain.com' (instead of 'vpn2.mydomain.com/mygroup')
Cisco Switching/Routing :: Can 7600 Redirect Layer 4 Traffic
Dec 6, 2012i want to to ask about redirecting in MLS 7600 .assume the user a has an ip x.x.x.xand that user requested url...i want to to redirect his request to url...the users that have to pay the monthly bills , i want to give thim an ips and redirect all the http requests from this to a special local webpage .is is applicable to to it on router cisco 7600 ??or is it applicable on router 7206 npeg2 ? also i have siwtch 2960g.i dont want to do it by proxy server.
View 4 Replies View Related