All,

I tried to be concise with the subject ;) Let me get started.

I'm having a problem, and need some advice. I will try and lay this out:

I'm using squid (STABLE16), some dansguardian, and an ASA. I'm using two systems for proxy. One is NTLM based, the other is transparent. My specific issue here is the transparent side.

Basically, squid is connecting to my Cisco ASA (GRE tunnel) and registering with the WCCP engine. It takes the request, passes it to dansguardian, which then passes it to another instance of squid. I know this isn't ideal, but it was necessary (I don't want to get into the hows or whys - trust me that it works great for what it's doing).

The instance of squid that does the WCCP connection does no logging and no caching. It's simply to grab the transparent connections so they can be processed by DG, and my other squid.

Here is how I am setting up the GRE tunnel and iptables to capture the packets.

    ip tunnel add wccp mode gre remote 192.168.79.1 local 192.168.79.2 dev eth3
    /sbin/ip addr add 192.168.79.2 dev wccp
    /sbin/ip link set wccp up
    iptables -F -t nat
    iptables -t nat -A PREROUTING -i wccp -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.79.2:3129

(my IP is 79.2, and the ASA is 79.1, 3129 is my squid running on the local system - no cache or log)

Very basic stuff, right out of the squid wiki (which is great).

My ASA is configured to capture 4 interfaces, with some access-lists (omitted the IP access lists for size):

    wccp web-cache redirect-list wccp
    wccp interface inside web-cache redirect in
    wccp interface vpndmz web-cache redirect in
    wccp interface wireless web-cache redirect in
    wccp interface wirelessdmz web-cache redirect in

With this configuration as is, my transparent proxy is working exactly how I wanted. Then, the trouble began.

I've noticed https based traffic times out.. but only from some of the interfaces. From the 'vpndmz', I can log into gmail. But from 'wireless' it simply times out after a while.
This happens with many many https based web pages. I ran a tcpdump and you can see that nothing is happening:

    20:45:06.878518 IP 192.168.78.45.3654 > od-in-f99.google.com.https: . ack 4656 win 65535
    20:45:06.878528 IP 192.168.78.45.3654 > od-in-f99.google.com.https: . ack 4656 win 65535
    20:45:10.544927 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
    20:45:10.544933 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
    20:45:25.743229 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
    20:45:25.743650 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
    20:45:56.124193 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
    20:45:56.124200 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
    20:46:34.314300 IP od-in-f99.google.com.www > 192.168.78.45.3647: F 7657:7657(0) ack 1046 win 7896
    20:46:34.314307 IP od-in-f99.google.com.www > 192.168.78.45.3647: F 7657:7657(0) ack 1046 win 7896
    20:46:34.314310 IP 192.168.78.45.3647 > od-in-f99.google.com.www: . ack 7658 win 65535
    20:46:34.314313 IP 192.168.78.45.3647 > od-in-f99.google.com.www: . ack 7658 win 65535
    20:46:56.934605 IP 192.168.78.45.3654 > od-in-f99.google.com.https: R 3596:3596(0) ack 4656 win 0
    20:46:56.934612 IP 192.168.78.45.3654 > od-in-f99.google.com.https: R 3596:3596(0) ack 4656 win 0
    20:46:56.936370 IP 192.168.78.45.3655 > an-in-f18.google.com.www: . 2788953795:2788955255(1460) ack 256288053 win 65535
    20:46:56.936654 IP 192.168.78.45.3655 > an-in-f18.google.com.www: . 0:1460(1460) ack 1 win 65535
    20:46:56.936659 IP 192.168.78.45.3655 > an-in-f18.google.com.www: P 1460:1544(84) ack 1 win 65535
    20:46:56.936662 IP 192.168.78.45.3655 > an-in-f18.google.com.www: P 1460:1544(84) ack 1 win 65535
    20:46:59.993789 IP 192.168.78.45.3655 > an-in-f18.google.com.www: . 0:1460(1460) ack 1 win 65535
    20:46:59.994012 IP 192.168.78.45.3655 > an-in-f18.google.com.www: . 0:1460(1460) ack 1 win 65535
    20:47:18.256077 IP 192.168.78.45.3655 > an-in-f18.google.com.www: . 0:1460(1460) ack 1 win 65535
    20:47:18.256084 IP 192.168.78.45.3655 > an-in-f18.google.com.www: . 0:1460(1460) ack 1 win

Https traffic should not be in question here.. it shouldn't be extracted from the stack from iptables.. all in all.. it shouldn't be happening.. but it is.

Thanks for reading this lengthy text. Your advice is welcome.

Jason
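
An added example, not part of the original post: a small Python script for reading a capture in the format above, listing which payload-carrying segments a flow sent more than once and how far apart. The 10 ms window used to collapse back-to-back copies of a packet is an assumption, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Old-style tcpdump TCP line: time, "IP src > dst:", flags, optional start:end(len).
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): (\S+)"
                  r"(?: (\d+):(\d+)\((\d+)\))?")

# Lines copied from the capture in the post above.
SAMPLE = """\
20:45:06.878518 IP 192.168.78.45.3654 > od-in-f99.google.com.https: . ack 4656 win 65535
20:45:10.544927 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
20:45:10.544933 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
20:45:25.743229 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
20:45:25.743650 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
20:45:56.124193 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
20:45:56.124200 IP 192.168.78.45.3648 > an-in-f18.google.com.www: . 1912:3372(1460) ack 1748 win 65535
20:46:56.936659 IP 192.168.78.45.3655 > an-in-f18.google.com.www: P 1460:1544(84) ack 1 win 65535
20:46:56.936662 IP 192.168.78.45.3655 > an-in-f18.google.com.www: P 1460:1544(84) ack 1 win 65535
"""

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    hh, mm, ss, src, dst, flags, start, end, length = m.groups()
    return {"t": int(hh) * 3600 + int(mm) * 60 + float(ss), "src": src,
            "dst": dst, "flags": flags, "len": int(length or 0),
            "seg": (int(start), int(end)) if start else None}

def retransmissions(lines, dup_window=0.01):
    """Map (src, dst, seg) -> send times for payload segments sent more than once."""
    sends = defaultdict(list)
    for p in filter(None, map(parse, lines)):
        if p["len"] == 0:
            continue  # bare ACK/FIN/RST: no payload to retransmit
        times = sends[(p["src"], p["dst"], p["seg"])]
        # Assumption: copies closer than dup_window (10 ms) are one packet that
        # the capture recorded twice, not a retransmission.
        if not times or p["t"] - times[-1] > dup_window:
            times.append(p["t"])
    return {k: v for k, v in sends.items() if len(v) > 1}

def gaps(times):
    return [round(b - a, 1) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for (src, dst, seg), t in retransmissions(SAMPLE.splitlines()).items():
        print(f"{src} > {dst} seq {seg[0]}:{seg[1]}: sent {len(t)}x, gaps {gaps(t)} s")
```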