cancel
Showing results for 
Search instead for 
Did you mean: 
imanfauzi
Level 7

WCCP with 2 MWG (Clustered) not working

Jump to solution

Hi All,

please help me with config WCCP.

Cisco 6500 IOS 15.1(1) and MWG 5500

Topologi :

Client - Switch core - Checkpoint - Internet

                                          |

                              MWG 1 & MWG 2

with command on cisco :

ip wccp 51 redirect-list 120

interface vlan 63

ip wccp 51 redirect in

interface gigabitethernet 1/1

ip wccp 51 redirect out

access list 120 permit host 10.88.63.9 any

access list 120 permit any any eq www

access list 120 permit any any eq 443

access list 120 permit any any eq 9090

wccp.png

sh ip wccp 51 view :

wccp routers informed :

-none-

wccp clients visible :

-none-

wccp client not visible :

-none-

why the wccp not established?

please advices.....

thanks,

iman

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: WCCP with 2 MWG (Clustered) not working

Jump to solution

(I know no else can see the diagram, but ...)

You would have to put MWGs at each of the branches before they exit their respective firewalls.

In order to centralize the MWGs, all of the branches would have to route through a central convergence point that can do WCCP before they go out of the internet firewall.

You will not be able to tunnel WCCP across the WAN to a centralized MWG.

5 Replies
eelsasser
Level 15

Re: WCCP with 2 MWG (Clustered) not working

Jump to solution

I think, from your text diagram, you are trying to put MWG into a DMZ on the Checkpoint and trying to  get the internal Cisco routers to talk through the firewall via WCCP?

This will not work.

WCCP should be on one of the same L2 subnets as the 6500. It cannot go through a firewall for a variety of reasons.

0 Kudos
imanfauzi
Level 7

Re: WCCP with 2 MWG (Clustered) not working

Jump to solution

Hi eelsasser,

OK, i have to change the topologi like this diagram (as you told me on other thread) :

Users----[core]-------- ---[Firewall]-----> Internet

                       \               /

                        \--MWG-/

but for the config wccp (MWG and Cisco), is there any mistake?

now i would like to tell my customer to add a cable from MWG to Core Switch, then i will update you if it works.

many thanks.

0 Kudos
eelsasser
Level 15

Re: WCCP with 2 MWG (Clustered) not working

Jump to solution

For the WCCP portion, something does not seem correct. You have 2 interfaces doing a redirection for WCCP, you normally only have one.

I have a test router Cisco 2651XM Version 12.4(15)T14

I have the traffic between the egress interface and the firewall redirecting as it leaves the interface:

interface FastEthernet0/1

ip address 192.168.2.253 255.255.255.0

ip wccp 51 redirect out

My ingress interface on the LAN side does not have a redirect:

interface FastEthernet0/0

ip address 10.0.1.1 255.255.255.0

My Access List:

ip access-list extended WCCPlist

deny   ip any 192.168.0.0 0.0.255.255

permit ip any any

I have 2 MWGs talking to it. They both have the same configuration:

capture.png

I do not have any clients running through them currently, but i know the configuration works.

capture2.png

router#show ip wccp 51 view

    WCCP Routers Informed of:

        192.168.2.253

    WCCP Clients Visible:

        192.168.2.230

        192.168.2.231

    WCCP Clients NOT Visible:

        -none-

router#show ip wccp 51  

Global WCCP information:

    Router information:

        Router Identifier:                   192.168.2.253

        Protocol Version:                    2.0

    Service Identifier: 51

        Number of Service Group Clients:     2

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        0

          Process:                           0

          Fast:                              0

          CEF:                               0

        Service mode:                        Open

        Service access-list:                 -none-

        Total Packets Dropped Closed:        0

        Redirect access-list:                WCCPlist

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

router#show ip wccp 51 detail

WCCP Client information:

        WCCP Client ID:          192.168.2.230

        Protocol Version:        2.0

        State:                   Usable

        Initial Hash Info:       00000000000000000000000000000000

                                 00000000000000000000000000000000

        Assigned Hash Info:      00000000000000000000000000000000

                                 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

        Hash Allotment:          128 (50.00%)

        Packets s/w Redirected:  0

        Connect Time:            1d17h

        Bypassed Packets

          Process:               0

          Fast:                  0

          CEF:                   0

          Errors:                0

        WCCP Client ID:          192.168.2.231

        Protocol Version:        2.0

        State:                   Usable

        Initial Hash Info:       00000000000000000000000000000000

                                 00000000000000000000000000000000

        Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

                                 00000000000000000000000000000000

        Hash Allotment:          128 (50.00%)

        Packets s/w Redirected:  0

        Connect Time:            1d17h

        Bypassed Packets

          Process:               0

          Fast:                  0

          CEF:                   0

          Errors:                0

imanfauzi
Level 7

Re: WCCP with 2 MWG (Clustered) not working

Jump to solution

Hi eelsasser,

Thanks for your testing configuration. that works.

but for now i have a problem that in branches,

i already attached a file that encrypted (password i already sent on PM, please kindly check your inbox)

if you see a switch core A is already configured wccp with MWG 1 and MWG 2 as your recomendation.

but how about the core switch on branch 1, branch 2 ..... branch 5? (switch core B, switch core C,.....switch core F)

how to implement wccp with those topology on branches? because there is not possible to create a new cable from branches to MWG 1 and MWG 2.

because this is our customer production topology, i apologise if i create a password for attachment.

Thanks in advance.

0 Kudos
eelsasser
Level 15

Re: WCCP with 2 MWG (Clustered) not working

Jump to solution

(I know no else can see the diagram, but ...)

You would have to put MWGs at each of the branches before they exit their respective firewalls.

In order to centralize the MWGs, all of the branches would have to route through a central convergence point that can do WCCP before they go out of the internet firewall.

You will not be able to tunnel WCCP across the WAN to a centralized MWG.