5 Replies Latest reply on Apr 30, 2014 8:27 AM by eelsasser

    WCCP with 2 MWG (Clustered) not working

    imanfauzi

      Hi All,

       

      please help me with config WCCP.

      Cisco 6500 IOS 15.1(1) and MWG 5500

       

      Topologi :

      Client - Switch core - Checkpoint - Internet

                                                |

                                    MWG 1 & MWG 2

       

      with command on cisco :

      ip wccp 51 redirect-list 120

      interface vlan 63

      ip wccp 51 redirect in

      interface gigabitethernet 1/1

      ip wccp 51 redirect out

      access list 120 permit host 10.88.63.9 any

      access list 120 permit any any eq www

      access list 120 permit any any eq 443

      access list 120 permit any any eq 9090

       

      wccp.png

       

      sh ip wccp 51 view :

      wccp routers informed :

      -none-

      wccp clients visible :

      -none-

      wccp client not visible :

      -none-

       

      why the wccp not established?

      please advices.....

       

      thanks,

      iman

        • 1. Re: WCCP with 2 MWG (Clustered) not working

          I think, from your text diagram, you are trying to put MWG into a DMZ on the Checkpoint and trying to  get the internal Cisco routers to talk through the firewall via WCCP?

           

          This will not work.

          WCCP should be on one of the same L2 subnets as the 6500. It cannot go through a firewall for a variety of reasons.

           

          • 2. Re: WCCP with 2 MWG (Clustered) not working
            imanfauzi

            Hi eelsasser,

             

            OK, i have to change the topologi like this diagram (as you told me on other thread) :

            Users----[core]-------- ---[Firewall]-----> Internet

                                   \               /

                                    \--MWG-/

             

            but for the config wccp (MWG and Cisco), is there any mistake?

            now i would like to tell my customer to add a cable from MWG to Core Switch, then i will update you if it works.

             

            many thanks.

            • 3. Re: WCCP with 2 MWG (Clustered) not working

              For the WCCP portion, something does not seem correct. You have 2 interfaces doing a redirection for WCCP, you normally only have one.

              I have a test router Cisco 2651XM Version 12.4(15)T14

               

              I have the traffic between the egress interface and the firewall redirecting as it leaves the interface:

               

              interface FastEthernet0/1

              ip address 192.168.2.253 255.255.255.0

              ip wccp 51 redirect out

               

              My ingress interface on the LAN side does not have a redirect:

              interface FastEthernet0/0

              ip address 10.0.1.1 255.255.255.0

               

              My Access List:

               

              ip access-list extended WCCPlist

              deny   ip any 192.168.0.0 0.0.255.255

              permit ip any any

               

              I have 2 MWGs talking to it. They both have the same configuration:

              capture.png

               

              I do not have any clients running through them currently, but i know the configuration works.

               

              capture2.png

               

              router#show ip wccp 51 view

                  WCCP Routers Informed of:

                      192.168.2.253

               

                  WCCP Clients Visible:

                      192.168.2.230

                      192.168.2.231

               

                  WCCP Clients NOT Visible:

                      -none-

               

               

              router#show ip wccp 51  

              Global WCCP information:

                  Router information:

                      Router Identifier:                   192.168.2.253

                      Protocol Version:                    2.0

               

                  Service Identifier: 51

                      Number of Service Group Clients:     2

                      Number of Service Group Routers:     1

                      Total Packets s/w Redirected:        0

                        Process:                           0

                        Fast:                              0

                        CEF:                               0

                      Service mode:                        Open

                      Service access-list:                 -none-

                      Total Packets Dropped Closed:        0

                      Redirect access-list:                WCCPlist

                      Total Packets Denied Redirect:       0

                      Total Packets Unassigned:            0

                      Group access-list:                   -none-

                      Total Messages Denied to Group:      0

                      Total Authentication failures:       0

                      Total Bypassed Packets Received:     0

               

               

              router#show ip wccp 51 detail

              WCCP Client information:

                      WCCP Client ID:          192.168.2.230

                      Protocol Version:        2.0

                      State:                   Usable

                      Initial Hash Info:       00000000000000000000000000000000

                                               00000000000000000000000000000000

                      Assigned Hash Info:      00000000000000000000000000000000

                                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

                      Hash Allotment:          128 (50.00%)

                      Packets s/w Redirected:  0

                      Connect Time:            1d17h

                      Bypassed Packets

                        Process:               0

                        Fast:                  0

                        CEF:                   0

                        Errors:                0

               

                      WCCP Client ID:          192.168.2.231

                      Protocol Version:        2.0

                      State:                   Usable

                      Initial Hash Info:       00000000000000000000000000000000

                                               00000000000000000000000000000000

                      Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

                                               00000000000000000000000000000000

                      Hash Allotment:          128 (50.00%)

                      Packets s/w Redirected:  0

                      Connect Time:            1d17h

                      Bypassed Packets

                        Process:               0

                        Fast:                  0

                        CEF:                   0

                        Errors:                0

              1 of 1 people found this helpful
              • 4. Re: WCCP with 2 MWG (Clustered) not working
                imanfauzi

                Hi eelsasser,

                 

                Thanks for your testing configuration. that works.

                but for now i have a problem that in branches,

                i already attached a file that encrypted (password i already sent on PM, please kindly check your inbox)

                if you see a switch core A is already configured wccp with MWG 1 and MWG 2 as your recomendation.

                but how about the core switch on branch 1, branch 2 ..... branch 5? (switch core B, switch core C,.....switch core F)

                how to implement wccp with those topology on branches? because there is not possible to create a new cable from branches to MWG 1 and MWG 2.

                 

                because this is our customer production topology, i apologise if i create a password for attachment.

                Thanks in advance.

                • 5. Re: WCCP with 2 MWG (Clustered) not working

                  (I know no else can see the diagram, but ...)

                   

                  You would have to put MWGs at each of the branches before they exit their respective firewalls.

                   

                  In order to centralize the MWGs, all of the branches would have to route through a central convergence point that can do WCCP before they go out of the internet firewall.

                   

                  You will not be able to tunnel WCCP across the WAN to a centralized MWG.