cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IP Spoofing with WCCP and Multiple Appliances

Jump to solution

Has anyone successfully configured 2 or more Web Gateway appliances to use IP Spoofing with WCCP?

We have a bandwidth management appliance that we use in conjuntion with our internet connection. It used to be in place between the Firewall and a single Web Gateway appliance in Transparent mode with IP Spoofing enabled. The shaping appliance could see the Client IP addresses and perform shaping based on source subnet. Any traffic between the Web Gateway Appliance and the LAN was not shaped.

We later added a Cisco router to enable WCCP instead of using Transparent Bridge mode, we also added a second Web Gateway appliance at that time. - At that time we started experiencing HTTPS traffic loss to the internet and had to disable IP Spoofing. Disabling IP spoofing forced us to move the Shaping appliance between the LAN and the Cisco Router, which send traffic to the Web Gateways using WCCP. Now the Web Gateway Appliances have unlimited bandwidth to the internet, so the appliance can download files quickly and scan them, but the download from the appliance to the client is shaped and can be slow at times.

We would like to put our shaping appliance back in its original place, but we cannot figure out how to get IP spoofing to work properly.

1 Solution

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 2

Re: IP Spoofing with WCCP and Multiple Appliances

Jump to solution

Worked on this case and we found that the assignment method what was causing issues. Hash was being used, which caused the Cisco device to incorrectly route packets back to the Web Gateways (so SYN would hit mwgA, but SYN ACK would come back and hit mwgB). Once we changed the assignment method to mask, everything as has been working so far.

Best,

Jon

View solution in original post

1 Reply
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 2

Re: IP Spoofing with WCCP and Multiple Appliances

Jump to solution

Worked on this case and we found that the assignment method what was causing issues. Hash was being used, which caused the Cisco device to incorrectly route packets back to the Web Gateways (so SYN would hit mwgA, but SYN ACK would come back and hit mwgB). Once we changed the assignment method to mask, everything as has been working so far.

Best,

Jon

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community