Thank you very much. I will try your suggestion very soon. I want to make sure if my configuration is right. modprobe ip_gre iptunnel add gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0 ifconfig gre0 inet 192.168.9.251 netmask 255.255.255.0 up ip link set eth0 mtu 1400 ip link set gre0 mtu 1400 echo 1 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv4/tcp_window_scaling echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080 Thank you again for your help. Vichao Saenghiranwathana On Tue, Apr 13, 2010 at 1:42 AM, Horacio H. <pokehorace@xxxxxxxxx> wrote: > 2010/4/8 Vichao Saenghiranwathana <vichaos@xxxxxxxxx>: > >> I still stunned. Can you explain more in deeper detail so I can >> understand what the problem is. >> > > Hi Vichao, > > If you already have a static NAT translation at the ASA between these > two addresses: 192.168.9.251 and 203.130.133.9, it doesn't make sense > to me why you also configured the same public IP address at the second > subinterface. Unless you need it for an unrelated setup, you may want > to remove the second subinterface because (if you also configured a > default-gateway there) when external packets are destinede to the > address 203.130.133.9 it might cause the ASA to NAT packets that > shouldn't be, or viceversa. > > Aside from that, if the issue persist your next clue resides in > collecting all the info your ASA shows about the WCCP > association/registration, and monitor the counters of the GRE tunnel > and iptables active rules and default policies. > > I hope this comment was helpful. I have a similar setup and it works fine. > > Regards, > Horacio. >