Be careful on terminology because the 2800 series router, at least to my knowledge, is not a distributed routing platform in the Cisco sense of things. A distributed routing platform would utilize dCEF not CEF and 2800 series routers use only CEF. So I am assuming here that the 2800 router doing WCCP is behind the firewall along with the squid box? The problem I often had with setting up this type of setup was the following: 1) Make sure your IOS does not have any WCCP bugs. Cisco has an iffy track record with WCCP-related bugs popping in and out of IOS revisions. I have used Advanced Security IOS release 12.4-15T3 and Advanced Security IOS release 12.4-15T8 without problems on 2811 routers with Squid and TPROXY. 2) Be carful with how you setup the GRE Tunnel on the linux box. There are at least two ways to do it where there are not errors presented by the commands on the linux box, the gre interface is up, but there is no data. 3) Make sure to point the GRE interface to the IP listed in the router "sh ip wccp " output. 4) With transparent TPROXY, you only need one Ethernet interface. 5) The WCCP setup on the router should follow the squid FAQ article where two different WCCP groups are used. 6) a wccp exclude statement should be used so that the traffic from the squid box itself doesn't get redirected. I don't think this is your problem, at least not yet, because your gre interface is showing no data. 7) the "debug ip wccp" command on the router is useful because it will show WCCP status messages between the squid box and the router. Nick -----Original Message----- From: Engr.M.monzur Alam [mailto:monzur@xxxxxxxxxxxx] Sent: Wednesday, May 13, 2009 4:56 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Continue:Tproxy with WCCP error configuration Dear all, I have basically problem face TPROXY configuration with WCCP. Another one of my proxy server running well with WCCP gre0 tunnel. My main problem when any packet goes outside then of course takes my proxy server IP. In our some clients use rapid share or same kind of download link in randomly. Usually in the free license version this site don't give permission more than three time same IP daily base. So, this network scenario we need different IP to going outside internet cloud. For this reason we need TPROXY configuration. My distributed router status is: Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.3(14)T 4, RELEASE SOFTWARE (fc2) ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1) Could anybody give suggestion what the required network topology TPROXY+ WCCP ? My Physical connectivity structure is... Internet cloud (un-trusted) to Cisco core router to Juniper firewall to Distributed Cisco router to Core Cisco switch to TPROXY+ WCCP. This is right?? Another matter current I have two Ethernet card eth0 (WAN) & eth1 (LAN). Virtual Gre0 interface connected which one? eth0 or eth1?? Thanks Engr.M.Monzur Alam Network & System Admin Grameen CyberNet Ltd. Dhaka,Bangladesh
