1397 Views, 7 Replies. Latest reply: Jan 8, 2013 11:58 AM by Jon Scholten
derek51 Newcomer 1 posts since
Aug 27, 2011

Aug 27, 2011 12:18 PM

WCCP Return Method

Hi, I have connected a Cisco 3750 switch with MWG in a single network. I found that the return method displayed by "show ip wccp 51 detail" is GRE instead of L2. Is there any means to change from GRE to L2? Or does MWG only support the GRE return method?

  • asabban McAfee SME 1,354 posts since
    Nov 3, 2009
    1. Aug 30, 2011 10:15 AM (in response to derek51)
    Re: WCCP Return Method

    Hello,

     

    According to my knowledge, WCCP is utilized only to have traffic redirected from the client to MWG. MWG will not play the response back via WCCP, but will respond directly to the client.

     

    Best,

    Andre

  • Troja Champion 255 posts since
    Aug 26, 2010
    2. Jan 7, 2013 9:28 AM (in response to derek51)
    Re: WCCP Return Method

    Hi all,

    I saw the same behavior today with a Cisco 65xx. Is there any new info available?

    Can I configure some additional settings anywhere on MWG so that L2 is used for WCCP return packages?

     

    Best,

    Thorsten

  • Jon Scholten McAfee SME 857 posts since
    Nov 3, 2009
    3. Jan 7, 2013 10:12 AM (in response to Troja)
    Re: WCCP Return Method

    Hi Thorsten,

     

    Is there an actual problem?

     

    As Andre stated, the return method is not used because Web Gateway returns the traffic directly.

     

    Does the fact that MWG simply states GRE for the return method cause the router to remove the MWG from its pool? If so, that would be the first I've heard of that. I would double check to see if there isn't something else causing issues.

     

    Best,

    Jon

  • Troja Champion 255 posts since
    Aug 26, 2010
    4. Jan 8, 2013 4:10 AM (in response to Jon Scholten)
    Re: WCCP Return Method

    Hi Jon,

    Yes, this is a big problem. Today we are implementing a POC for MWG at a customer where Bluecoat SG is actually used.

     

    WCCP return method: Today with Bluecoat both directions can be configured using L2 or IP-GRE. This should also be possible with MWG.

     

    My biggest problem is that WCCP is not functioning well. We have to configure different WCCP Groups using TCP or UDP with different ports.

    - WCCP Group 1: using TCP, Ports: 80 (HTTP), 443 (HTTPS), 20 (FTP-Data), 21 (FTP), 554 (MMS), 1755 (RTSP), RTMP (1935).
    - WCCP Group 2: using UDP with different ports

    Is this possible to configure in any way with MWG?

    - When configuring MWG for each WCCP Group a proxy IP and port must be defined?
    - When configuring MWG for WCCP Group 1 as listed above no traffic beside HTTP/HTTPS is working.
    - When configuring MWG for WCCP Group 1 as listed above but only using ports 20 and 21 an FTP session can be established but the DATA connection always fails.

    My question is now: how can this be configured with MWG?

     

    Best,

    Thorsten

  • Jon Scholten McAfee SME 857 posts since
    Nov 3, 2009
    5. Jan 8, 2013 10:18 AM (in response to Troja)
    Re: WCCP Return Method

    Hi Thorsten,

     

    That makes perfect sense! I feel your issue is not related to the return method (maybe it is a problem for FTP but I'm not sure).

     

    More it is related to the type of traffic you are attempting to send to the MWG. MWG is a HTTP/HTTP/FTP Proxy. But, MWG does not support FTP over WCCP.

     

    This is why only HTTP/HTTPS is working when using WCCP.

     

    For the other traffic MMS, RTSP, and RTMP, you will need to tunnel that traffic in order for it to work. I have only done this with RTMP. But below is an example of how to get that working. See ruleset attached as well.

    [Attached images: 1_wccp_ports.png, 2_wccp_rules_tunneledtraffic.png]

     

    Best,

    Jon

  • Troja Champion 255 posts since
    Aug 26, 2010
    6. Jan 8, 2013 11:26 AM (in response to Jon Scholten)
    Re: WCCP Return Method

    Hi Jon,

    Is this right?

     

    - WCCP can never be used for streaming and FTP, neither the whole WCCP configuration on the CISCO router would be changed??

    - When tunneling other traffic like MMS, RTSP and so on this traffic is not checked in any way. Also streams are not sent to the helix stream server.

    - Helix Stream Server cannot be used with WCCP.

     

    Best,

    Thorsten

  • Jon Scholten McAfee SME 857 posts since
    Nov 3, 2009
    7. Jan 8, 2013 11:58 AM (in response to Troja)
    Re: WCCP Return Method

    Hi Thorsten,

     

    - FTP over WCCP does not work (Webwasher: FTP with WCCP - https://kc.mcafee.com/corporate/index?page=content&id=KB64193)

    - WCCP can be used for streaming, but the content would be tunnelled. Using the rules I gave, you can at least make sure it's not to a malicious destination.

    - I have not tested using the helix server with WCCP. Theoretically you could create a new service ID and forward the traffic to the proxy port of the helix server (instead of using 9091 as outlined above).

     

    Best,

    Jon
