Troubleshooting guide
1-15
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Traffic Interception
Configuring WCCP on WAEs
For example, WCCP filters the packets to determine which redirected packets have been returned from
the branch WAE and which ones have not. WCCP does not redirect the ones that have been returned
because the branch WAE has determined that the packets should not be processed. WCCP Version 2
returns packets that the branch WAE does not service to the same router from which they were
transmitted.
This section contains the following topics:
• Reasons for Packet Rejection and Return, page 1-15
• Layer 3 GRE as a Packet-Forwarding Method, page 1-15
• Layer 2 Redirection as a Packet-Forwarding Method, page 1-16
Reasons for Packet Rejection and Return
A branch WAE rejects packets and initiates packet return for the following reasons:
• The WAE is filtering out certain conditions that make processing packets unproductive, for example,
when IP authentication has been turned on.
• You have configured a static bypass list or interception ACL on the branch WAE.
Note The packets are redirected to the source of the connection between the WCCP-enabled router and the
branch WAE. Depending on the Cisco IOS software version used, this source could be either the address
of the outgoing interface or the router IP address. In the latter case, it is important that the branch WAE
has the IP address of the WCCP-enabled router stored in the router list. For more information on router
lists, see the “Configuring and Viewing WCCP Router Lists for WAEs” section on page 1-26.
Cisco Express Forwarding (CEF) is required for WCCP and must be enabled on the router.
WCCP also allows you to configure multiple routers in a router list to support a particular WCCP service
(for example, CIFS redirection).
Layer 3 GRE as a Packet-Forwarding Method
A WCCP-enabled router redirects intercepted requests to a WAE and can encapsulate the packets using
GRE. This method for forwarding packets allows packets to reach the WAE even if there are routers in
the path to the WAE. Packet redirection is handled entirely by the router software.
GRE allows datagrams to be encapsulated into IP packets at the WCCP-enabled router and then
redirected to a WAE (the transparent proxy server). At this intermediate destination, the datagrams are
decapsulated and then handled by the WAAS software. If the request cannot be handled locally, the
origin server may be contacted by the associated WAE to complete the request. In doing so, the trip to
the origin server appears to the inner datagrams as one hop. The redirected traffic using GRE usually is
referred to as GRE tunnel traffic. With GRE, all redirection is handled by the router software.
With WCCP redirection, a Cisco router does not forward the TCP SYN packet to the destination because
the router has WCCP enabled on the destination port of the connection. Instead, the WCCP-enabled
router encapsulates the packet using GRE tunneling and sends it to the WAE that has been configured to
accept redirected packets from this WCCP-enabled router.
After receiving the redirected packet, the WAE does the following:
1. Strips the GRE layer from the packet.
2. Decides whether it should accept this redirected packet and process the request for content or deny
the redirected packet as follows: