Cisco Cisco Web Security Appliance S670 Troubleshooting Guide
WCCP session to the router/switch up, but
browsing not happening due to route issues
browsing not happening due to route issues
Document ID: 118257
Contributed by Bhuiyan Muhaimeen and Jai Koolwal, Cisco TAC
Engineers.
Aug 12, 2014
Engineers.
Aug 12, 2014
Contents
Question:
WCCP session to the router/switch up, but browsing not happening due to route issues
Environment:
Cisco Web Security Appliance
Catalyst Switch, Router, ASA
Catalyst Switch, Router, ASA
Symptoms:
WCCP session is up and working but browsing does not work.
In certain circumstances, the Cisco Web Security Appliance can talk to the router but client traffic might not
pass. We would see WCCP session is up but still no browsing is happening.
pass. We would see WCCP session is up but still no browsing is happening.
WCCP configuration on the Catalyst switch is minimal (the redirect−list is not germane to this discussion but
reproduced here for the sake of completeness):
reproduced here for the sake of completeness):
ip wccp 91 redirect−list 130 group−list 30
interface Vlan20
description client vlan 20
ip address 192.168.20.1 255.255.255.0
ip wccp 91 redirect in
description client vlan 20
ip address 192.168.20.1 255.255.255.0
ip wccp 91 redirect in
access−list 30 permit 10.66.71.17
access−list 130 permit ip any host 192.168.20.103 log
access−list 130 permit ip host 192.168.20.103 any log
access−list 130 permit ip any host 192.168.20.103 log
access−list 130 permit ip host 192.168.20.103 any log
We would see WCCP is up:
Switch#sh ip wccp 91 d
WCCP Client information:
WCCP Client information:
WCCP Client ID: 10.66.71.17
Protocol Version: 2.0
State: Usable
Redirection: L2
Protocol Version: 2.0
State: Usable
Redirection: L2