Tuesday, 11 September 2012

Ironport S Series Web Security

1. Make sure P1 is the interface used for WCCP
2. WCCP runs with L2 or GRE and the default settings
3. Make sure that if P1 is used as the data interface, DNS must use the Data port for DNS queries in the routing table (configured in the DNS section)
4. WCCP with a service number or web-cache works without problems
5. The HTTP proxy and HTTPS proxy run after first creating the cert and key, without needing to upload them.


-----------


Restrictions regarding the WCCPv2 implementation on ASA are:

- Multiple routers in a service group is not supported. Multiple Cache Engines in a service group is still supported.
- Multicast WCCP is not supported.
- The Layer 2 redirect method is not supported; only GRE encapsulation is supported.
- WCCP source address spoofing is not supported.

Besides these restrictions, the IronPort WSA must be connected to the ASA's inside segment.
Also, the ASA's inside interface must be in the same IP subnet as the IronPort WSA.

If you have problems with WCCP on the WSA in general, here are some steps that you should follow during troubleshooting:

1. Mind all the WCCP/ASA restrictions mentioned above
2. Capture packets on the WSA's interface. If everything is OK, you should see both WCCP HIA (Here_I_Am) and WCCP "I see you" hello messages.
3. Turn on debug ip wccp events on the ASA/router
4. If all WCCP messages are present, you should not have the problem

If not... first check whether the WSA is sending WCCP messages to the ASA/router (debug wccp events).

The WSA has one bug that affects WCCP function... Sometimes (and believe me - sometimes==a lot) when WCCP reconfiguration is performed on the WSA, it sends WCCP packets with a wrong Host ID.

So in that case, in the router/ASA debug you see a message like this: "Here_I_Am packet from X.X.X.X w/bad rcv_id 00000000".
If you see this, you should execute the following hidden command on the WSA from the WSA CLI:

//*****************************
diagnostic->proxy->kick
//*****************************
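To make the packet-capture step concrete, here is an added example (not code from the original post or from Cisco/IronPort): a small WCCPv2 decoder that takes a captured Here_I_Am payload (UDP port 2048) and reports which routers the WSA answered with a receive ID of 0, which is exactly what the router logs as "w/bad rcv_id 00000000". The field layout follows the WCCPv2 draft; the two sample messages are constructed with a helper and carry only the Web-Cache View Info component, not a full capture.

```python
import struct
from ipaddress import IPv4Address

WCCP2_HERE_I_AM, WCCP2_I_SEE_YOU = 10, 11
WCCP2_VERSION = 0x0200
WEB_CACHE_VIEW_INFO = 5  # component that carries the Router ID elements in a HIA

def parse_wccp2(data: bytes) -> dict:
    """Split a WCCPv2 message into its header and a {component type: body} map."""
    if len(data) < 8:
        raise ValueError("short WCCPv2 header")
    msg_type, version, length = struct.unpack("!IHH", data[:8])
    if version != WCCP2_VERSION or len(data) < 8 + length:
        raise ValueError("not a WCCPv2 message or truncated")
    components, off, end = {}, 8, 8 + length
    while off + 4 <= end:
        ctype, clen = struct.unpack("!HH", data[off:off + 4])
        if off + 4 + clen > end:
            raise ValueError("component overruns message")
        components[ctype] = data[off + 4:off + 4 + clen]
        off += 4 + clen
    return {"type": msg_type, "components": components}

def hia_router_receive_ids(data: bytes) -> dict:
    """Return {router_ip: receive_id} echoed in a Here_I_Am's Web-Cache View Info."""
    msg = parse_wccp2(data)
    if msg["type"] != WCCP2_HERE_I_AM:
        raise ValueError("expected a Here_I_Am message")
    view = msg["components"][WEB_CACHE_VIEW_INFO]
    _change_number, n_routers = struct.unpack("!II", view[:8])
    ids = {}
    for i in range(n_routers):  # each Router ID element: IPv4 address + receive ID
        ip, rcv_id = struct.unpack("!4sI", view[8 + 8 * i:16 + 8 * i])
        ids[str(IPv4Address(ip))] = rcv_id
    return ids

def routers_with_bad_receive_id(data: bytes) -> list:
    """Routers that will reject this HIA because the echoed receive ID is 0."""
    return sorted(ip for ip, rcv in hia_router_receive_ids(data).items() if rcv == 0)

def build_here_i_am(routers: dict, caches: list) -> bytes:
    """Constructed test helper: a HIA holding only a Web-Cache View Info component."""
    body = struct.pack("!II", 1, len(routers))  # change number, router count
    for ip, rcv_id in routers.items():
        body += IPv4Address(ip).packed + struct.pack("!I", rcv_id)
    body += struct.pack("!I", len(caches)) + b"".join(IPv4Address(c).packed for c in caches)
    component = struct.pack("!HH", WEB_CACHE_VIEW_INFO, len(body)) + body
    return struct.pack("!IHH", WCCP2_HERE_I_AM, WCCP2_VERSION, len(component)) + component

# Constructed samples: a healthy HIA, and one with the zero receive ID the router complains about
GOOD_HIA = build_here_i_am({"10.0.0.1": 0x1A2B}, ["10.0.0.2"])
BAD_HIA = build_here_i_am({"10.0.0.1": 0}, ["10.0.0.2"])
```

Feed the UDP payload from your WSA-side capture into routers_with_bad_receive_id(); a non-empty list while the router logs the bad rcv_id message confirms the WSA-side bug rather than a network or ASA restriction issue.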
