RE: [squid-users] Continue:Tproxy with WCCP error configuration

From: Ritter, Nicholas <Nicholas.Ritter_at_americantv.com>
Date: Wed, 13 May 2009 10:25:45 -0500

Be careful on terminology because the 2800 series router, at least to my
knowledge, is not a distributed routing platform in the Cisco sense of
things. A distributed routing platform would utilize dCEF not CEF and
2800 series routers use only CEF.

So I am assuming here that the 2800 router doing WCCP is behind the
firewall along with the squid box? The problem I often had with setting
up this type of setup was the following:

1) Make sure your IOS does not have any WCCP bugs. Cisco has an iffy
track record with WCCP-related bugs popping in and out of IOS revisions.
I have used Advanced Security IOS release 12.4-15T3 and Advanced
Security IOS release 12.4-15T8 without problems on 2811 routers with
Squid and TPROXY.

2) Be careful with how you set up the GRE tunnel on the Linux box. There
are at least two ways to do it where there are no errors presented by
the commands on the Linux box, the gre interface is up, but there is no
data.

3) Make sure to point the GRE interface to the IP listed in the router
"sh ip wccp " output.

4) With transparent TPROXY, you only need one Ethernet interface.

5) The WCCP setup on the router should follow the squid FAQ article
where two different WCCP groups are used.

6) A WCCP exclude statement should be used so that the traffic from the
squid box itself doesn't get redirected. I don't think this is your
problem, at least not yet, because your gre interface is showing no
data.

7) The "debug ip wccp" command on the router is useful because it will
show WCCP status messages between the squid box and the router.

Nick

-----Original Message-----
From: Engr.M.monzur Alam [mailto:monzur_at_citechco.net]
Sent: Wednesday, May 13, 2009 4:56 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Continue:Tproxy with WCCP error configuration

Dear all,
I am basically facing a problem with TPROXY configuration with WCCP.
Another one of my proxy servers is running well with a WCCP gre0 tunnel.
My main problem is that when any packet goes outside, it of course takes
my proxy server's IP. Some of our clients use RapidShare or the same kind
of download links at random. Usually, in the free license version, this
site doesn't give permission more than three times to the same IP on a
daily basis. So, in this network scenario we need different IPs going out
to the Internet cloud. For this reason we need a TPROXY configuration.

My distributed router status is:
  
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.3(14)T4, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
 
Could anybody suggest what the required network topology for TPROXY +
WCCP is?

My Physical connectivity structure is...
Internet cloud (un-trusted) to Cisco core router to Juniper firewall to
Distributed Cisco router to Core Cisco switch to TPROXY+ WCCP.

Is this right?
Another matter: currently I have two Ethernet cards, eth0 (WAN) and eth1 (LAN).

Which one is the virtual gre0 interface connected to: eth0 or eth1?

Thanks
Engr.M.Monzur Alam
Network & System Admin
Grameen CyberNet Ltd.
Dhaka, Bangladesh
Received on Wed May 13 2009 - 15:26:15 MDT
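
Items 2 and 3 of the checklist in the reply above, as an added example that is not part of the original thread: a shell check that the GRE tunnel on the Squid box points at the IP the router reports in "sh ip wccp". It assumes the IP meant is the "Router Identifier" line; the tunnel name wccp0 and all addresses and sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All sample text below is constructed.

# Constructed excerpt of router "show ip wccp" output.
SAMPLE_WCCP='Global WCCP information:
    Router information:
        Router Identifier:                   192.0.2.1
        Protocol Version:                    2.0'

# Constructed "ip tunnel show" lines from the Linux box (wccp0 is a hypothetical name).
SAMPLE_TUNNEL_OK='wccp0: gre/ip remote 192.0.2.1 local 10.0.0.5 dev eth0 ttl 255'
SAMPLE_TUNNEL_BAD='wccp0: gre/ip remote 10.0.0.1 local 10.0.0.5 dev eth0 ttl 255'

# Print the Router Identifier found in "show ip wccp" text on stdin.
wccp_router_id() {
    awk '/Router Identifier:/ { print $NF; exit }'
}

# Print the remote endpoint of tunnel $1 from "ip tunnel show" text on stdin.
tunnel_remote() {
    awk -v ifc="$1:" '$1 == ifc {
        for (i = 2; i < NF; i++) if ($i == "remote") { print $(i + 1); exit }
    }'
}

# check_gre_peer WCCP_TEXT TUNNEL_TEXT IFNAME
# Returns 0 on match, 1 on mismatch, 2 if either value cannot be parsed.
check_gre_peer() {
    rid=$(printf '%s\n' "$1" | wccp_router_id)
    rem=$(printf '%s\n' "$2" | tunnel_remote "$3")
    if [ -z "$rid" ] || [ -z "$rem" ]; then
        echo "cannot parse router identifier or remote of $3" >&2
        return 2
    fi
    if [ "$rid" = "$rem" ]; then
        echo "OK: $3 remote $rem matches the WCCP Router Identifier"
        return 0
    fi
    # Typical "interface up, no errors, no data" case: tunnel aimed at the
    # wrong router address (or left at "remote any").
    echo "MISMATCH: $3 remote is $rem, Router Identifier is $rid" >&2
    return 1
}

# Demo on the constructed samples.
check_gre_peer "$SAMPLE_WCCP" "$SAMPLE_TUNNEL_OK" wccp0
check_gre_peer "$SAMPLE_WCCP" "$SAMPLE_TUNNEL_BAD" wccp0 || true
```

On a live box, pass the saved router output and "$(ip tunnel show)" in place of the sample variables.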
