[c-nsp] 7206 running WCCP rewriting the source ip address
Dean Albano
dean.albano at 121media.com
Wed May 31 12:38:52 EDT 2006
Figured it out. The router is sending GRE packets with the source IP
address of the loopback interface. However, the proxy is connected
via a directly attached subnet. I thought the router was not
supposed to use GRE in this case. Please let me know if I am
mistaken on this.
Thanks
Dean J. Albano
Network Integration Consultant
dean.albano at 121media.com
264 W. 40th Street 16th Fl.
New York, NY 10018
tel: 646-217-0598
fax: 212 937-5237
On May 26, 2006, at 6:00 PM, dean.albano at 121media.com wrote:
We have a Cisco 7206(non vxr) running IOS 12.2-18 with WCCPv2. We are
redirecting all
inbound port 80 traffic (from the user vlan) to a trasparent squid
proxy (with WCCPv2
patch installed). A tcpdump capture shows that the router is
redirecting the traffic,
but it is also rewriting the source IP address of the packets to that
of the router
loopback address. All traffic is also tunneled via GRE. In our lab,
this is not the
case. GRE is only used for the WCCP hello packets. Any ideas?
Proxy is directly connected to the router on eth2/1
Client vlans connects via fa0/0
Web servers are reachable via serial3/0
WCCP specific commands:
ip wccp web-cache redirect-list 100
int fa0/0
-ip wccp web-cache redirect in
ACL 100 allows traffic from 3 contiguous subnets and blocks everything
else. The
loopback address is not permitted via the ACL.
Regards,
Dean J. Albano
Network Integration Consultant
121Media, Inc.
dean.albano at 121media.com
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list