Wacky integration of PIX, Content Engine and router

Dear All,
I have got a situation... The situation is that I have a pix515e, Content Engine and Cisco 2620xm router. The 3 attachments contain each of the systems' configurations. They are arranged in the following way.
There is a 192.168.0.0 network ID running on the PIX inside network which is getting translated by the PIX to 172.16.1.11-172.16.2.254. The e0 of the PIX has got an IP address of 172.16.1.7. The PIX firewall's gateway is the router's ethernet interface, which is 172.16.1.3. I have allowed tcp etc traffic for the inside network.
After the PIX there is a content engine 565A which is getting connected via its gigabit interface, with an IP address of 172.16.1.2, to the network with wccp config.
The router is running 172.16.1.3 on its ethernet interface with the wccp configuration on the WAN-facing interface.
The problem is that I am able to access the Internet from inside of the PIX. The PIX is translating perfectly. When the traffic reaches the router, it also translates into public addresses perfectly. The users are accessing the Internet without any problem, and I can see the NAT maintained on the router and the PIX.
But the problem is that when I write sh wccp gre on the content engine, it doesn't show any activity. This is the problem: the content engine is not responding the way it should.
Right now I am lost as to why the CE isn't working... If anyone has faced this scenario before then any help will be greatly appreciated...
Hoping for a response which resolves this...
Regards,
Noman Bari

Dear Joerg,
Thank you for your response... That night when I had posted my request for help, I went back to my hotel room, took a shower and focused on CE and router communication and what was configured on them (by another consultant)...
And then it struck me that wccp was never enabled on the router in the global config (see the router config in my 1st posting)... Once this glitch was removed, everything now works. This was never a PIX issue because I could see that it was working the way it's supposed to work: xlating was happening, people were surfing the web and stuff, but the show commands on the CE and router weren't showing any activity.
The following link on configuring Cisco Cache Software helped me enormously and I recommend it to everyone working on CE.
http://www.cisco.com/en/US/products/sw/conntsw/ps547/products_configuration_guide_book09186a0080087140.html
Through this process I learned a very important lesson though... when you are troubleshooting a problem, never trust the configurations that have been done by the guy before you... start everything from scratch by going through the documentation,
and of course this extremely useful Cisco Forum also...
Regards,
Noman Bari
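The root cause described in this thread (interface-level WCCP redirection with no matching global `ip wccp` statement) can be caught by a simple configuration audit. The following is an added example, not part of the original posts or the attached configurations; the sample configurations, interface names and the function name `audit_wccp` are constructed for illustration.

```python
import re

# Interface-level redirect statement, e.g. "ip wccp web-cache redirect out".
REDIRECT_RE = re.compile(r"^ip wccp (web-cache|\d+) redirect (in|out)$")
# Global service statement, e.g. "ip wccp web-cache" or
# "ip wccp 53 redirect-list 101" (service name or numeric service id).
GLOBAL_RE = re.compile(r"^ip wccp (web-cache|\d+)(?:\s.*)?$")


def audit_wccp(config_text):
    """Return (interface, service, direction) for every redirect statement
    whose WCCP service is never enabled in global configuration."""
    enabled = set()
    redirects = []
    current_if = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # tolerate lost or uneven indentation
        if line.startswith("interface "):
            current_if = line.split(" ", 1)[1]
            continue
        m = REDIRECT_RE.match(line)
        if m:
            redirects.append((current_if, m.group(1), m.group(2)))
            continue
        if line.endswith(" group-listen"):
            continue  # interface-level statement, does not enable the service
        m = GLOBAL_RE.match(line)
        if m:
            enabled.add(m.group(1))
    return [r for r in redirects if r[1] not in enabled]


# Constructed sample: redirection on the WAN interface, service never enabled.
BROKEN = """\
hostname edge-router
interface FastEthernet0/0
 ip address 172.16.1.3 255.255.255.0
interface Serial0/0
 ip wccp web-cache redirect out
"""

# Constructed sample: same router with the global statement added.
FIXED = """\
hostname edge-router
ip wccp web-cache
interface FastEthernet0/0
 ip address 172.16.1.3 255.255.255.0
interface Serial0/0
 ip wccp web-cache redirect out
"""

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        findings = audit_wccp(cfg)
        print(name, "->", findings if findings else "all redirected services enabled")
```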

Similar Messages

  • Content Engine and L4 Switches

    I am network administrator in a big company, the case is as follows:
    I have a new Content Engine 590 and I do not want to use wccp. I will buy a new Cisco L4 switch and want to use it with the engine. Someone told me that it is not supported by my engine; is that true or not???
    I have a Cisco router and I can use wccp, but papers from different web sites write that L4 switching performance is better; is that true???
    thanks
    A. F.

    The feature is code-specific, and the content engine will support L4 switch forwarding. You might want to look at this document to see the sample configuration for this. If you scroll past the CSS config you will see what the CE configuration will look like.
    http://www.cisco.com/warp/public/117/CSS_CEreverseproxy.html
    If you weren't interested in L3 WCCP on your gateway router and wanted performance, you might want to look into the L2/MAC re-write redirections you can do with a Cat 6K and a CE:
    http://www.cisco.com/warp/customer/117/wccp_redirects.html
    Cheers,
    Perry.

  • Content Engine and PHP WebSites

    Hi,
    I have Content Engines in a transparent caching scenario. The HTTP traffic being redirected to the CEs is from squid proxies.
    Sometimes, for php written sites, when the client tries to access the website or a particular link in a website, instead of getting the site content he gets a popup window asking if he wants to save the content or cancel the operation.
    I noticed that this problem does not happen if I force the client browsers to use HTTP1.1 through proxy connections or if ... I clear the cache content (the content engine content).
    If I access these sites using a dial-up line this problem doesn't happen. Only from the customer network, where I deployed the transparent caching solution does this happen.
    Does anyone have a clue regarding this issue?
    Thanks in advance for your attention.
    Regards,
    Ricardo

    Thanks for your reply.
    I do not have any rules applied on the CE configuration.
    After looking to some sniffer traces I took I suspect that my problem is related with the fact that I have requests made with browsers configured for HTTPv1.0 through proxy connections and others HTTPv1.1 through proxy connections.
    When a client browser makes the request using HTTPv1.1 through proxy connections the content will be cached in encoded gzip format.
    At a later time when another client, this time using HTTPv1.0 through proxy connections, tries to access the same content the content engine will deliver it encoded ... but the browser does not support it, and a pop-up window appears asking if the user wants to save the content.
    So, now I suspect that this has nothing to do with the site itself but only with the requests and responses.
    The clients are behind squid proxies.
    It is the traffic originated by the squid proxy that is being redirected through WCCP to the content engine.
    I will do additional tests and try to find a way to solve this issue.
    Once again, thanks for your reply.
    If you have any additional comments, feel free!
    I need it :)
    Ricardo
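The failure Ricardo suspects can be reproduced with a small cache model: a cache that keys entries on the URL alone serves the first stored variant to every later client, while a cache that keys on the negotiated encoding (which is what a `Vary: Accept-Encoding` response header asks a cache to do) does not. This is an added example, not part of the original posts and not Content Engine code; the origin behaviour, the class and function names, and the assumption that the HTTP/1.0 browser offers no gzip support are constructed for illustration.

```python
import gzip

PAGE = b"<html><body>constructed sample page</body></html>"


def origin(accept_encoding):
    """Constructed origin server: compresses only when the client offers gzip."""
    if "gzip" in accept_encoding:
        return ({"Content-Encoding": "gzip", "Vary": "Accept-Encoding"},
                gzip.compress(PAGE))
    return ({"Vary": "Accept-Encoding"}, PAGE)


class Cache:
    """Toy transparent cache. With honor_vary=False it keys on the URL only."""

    def __init__(self, honor_vary):
        self.honor_vary = honor_vary
        self.store = {}

    def fetch(self, url, request_headers):
        offered = request_headers.get("Accept-Encoding", "")
        variant = None
        if self.honor_vary:
            # Simplification: normalise the request to one of two variants.
            variant = "gzip" if "gzip" in offered else "identity"
        key = (url, variant)
        if key not in self.store:
            self.store[key] = origin(offered)  # cache miss: ask the origin
        return self.store[key]


def client_can_render(request_headers, response):
    """A client can only decode an encoding it offered in its request."""
    headers, _body = response
    encoding = headers.get("Content-Encoding", "identity")
    return encoding == "identity" or encoding in request_headers.get("Accept-Encoding", "")


def replay(honor_vary):
    """Replay the sequence from the post: gzip-capable client first, then one
    that offers no gzip. Returns whether each client could render the page."""
    cache = Cache(honor_vary)
    clients = [
        {"Accept-Encoding": "gzip"},  # browser using HTTP/1.1 through proxy
        {},                           # browser using HTTP/1.0 through proxy
    ]
    return [client_can_render(h, cache.fetch("/index.php", h)) for h in clients]


if __name__ == "__main__":
    print("URL-only cache key:", replay(honor_vary=False))
    print("Encoding-aware key:", replay(honor_vary=True))
```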

  • Content Engine on PIX DMZ

    Can we place the content engine outside interface on the PIX DMZ interface? At this moment both the WCCP router and the content engine are on the outside. I want to place the content engine outside interface on the PIX DMZ and then run WCCP between the content engine and the outside router.
    Thank you.

    Yes. You can place the content engine towards the outside interface on PIX. This should work.

  • Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661

    I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...
    (PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)
    I don't want to create a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IPs from the current LAN IP block.
    Any advice appreciated.

    I thought this might help.
    Easy NM-CE Configuration Guide!
    Router IOS:c3725-ik9o3s-mz.122-15.T2
    Content Engine Software: ACNS 5.0.3.5
    Configure basic router configuration as normal.
    Set the IP addresses for the Service Module (Content-Engine) using these commands:
    interface Content-Engine2/0
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    service-module external ip address 10.0.0.1 255.255.255.0
    service-module ip address 10.1.1.2 255.255.255.0
    service-module ip default-gateway 10.1.1.1
    Complete Config Example (DHCP and NAT for Lab):
    Current configuration : 2440 bytes
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname lab3745_NM-CE
    logging queue-limit 100
    enable password cisco
    ip subnet-zero
    ip wccp web-cache
    ip dhcp pool NM-ESW-16-POOL
    network 10.1.2.0 255.255.255.0
    domain-name cisco.com
    default-router 10.1.2.1
    dns-server 171.68.226.120 171.70.168.183
    lease 7
    ip audit notify log
    ip audit po max-events 100
    no voice hpi capture buffer
    no voice hpi capture destination
    mta receive maximum-recipients 0
    interface FastEthernet0/0
    ip address 172.16.12.108 255.255.255.0
    ip wccp web-cache redirect out
    ip nat outside
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    interface FastEthernet1/0
    no ip address
    interface FastEthernet1/1
    no ip address
    interface FastEthernet1/2
    no ip address
    interface FastEthernet1/3
    no ip address
    interface FastEthernet1/4
    no ip address
    interface FastEthernet1/5
    no ip address
    interface FastEthernet1/6
    no ip address
    interface FastEthernet1/7
    no ip address
    interface FastEthernet1/8
    no ip address
    interface FastEthernet1/9
    no ip address
    interface FastEthernet1/10
    no ip address
    interface FastEthernet1/11
    no ip address
    interface FastEthernet1/12
    no ip address
    interface FastEthernet1/13
    no ip address
    interface FastEthernet1/14
    no ip address
    interface FastEthernet1/15
    no ip address
    interface Content-Engine2/0
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    service-module external ip address 10.0.0.1 255.255.255.0
    service-module ip address 10.1.1.2 255.255.255.0
    service-module ip default-gateway 10.1.1.1
    interface Vlan1
    ip address 10.1.2.1 255.255.255.0
    ip nat inside
    ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254
    ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24
    ip nat inside source list 7 pool TEST-NAT-POOL overload
    ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.16.12.254
    access-list 7 permit 10.1.2.0 0.0.0.255
    access-list 7 permit 10.1.1.0 0.0.0.255
    access-list 7 permit 10.0.0.0 0.0.0.255
    call rsvp-sync
    mgcp profile default
    dial-peer cor custom
    line con 0
    speed 115200
    line 65
    flush-at-activation
    no activation-character
    no exec
    transport input all
    line aux 0
    line vty 0 4
    password cisco
    login
    end
    reset service-module 2 to reboot the Content-Engine:
    service-module content-Engine 2/0 reload
    Within 30 Seconds Session from the Router to the Service Module:
    service-module content-engine session
    Enter Basic Configuration for Network Module:
    Password, etc…
    Configure the service module using the command line interface:
    hostname NM-CE-BP
    ip domain-name CISCO.COM
    interface FastEthernet 0/0
    ip address 10.0.0.1 255.255.255.0
    exit
    interface FastEthernet 0/1
    ip address 10.1.1.2 255.255.255.0
    exit
    ip default-gateway 10.1.1.1
    primary-interface FastEthernet 0/1
    ip name-server 172.72.1.1
    wccp router-list 1 172.16.12.108
    wccp web-cache router-list-num 1
    wccp version 2
    username xxx password xxxx
    username xxxx privilege 15
    authentication login local enable primary
    authentication configuration local enable primary
    NM-CE-BP#exit
    You can use the command line interface to show statistics from the Content Engine by using the show statistics screen command, or use your web browser for a more graphical report.

  • CE-590 and Router

    I have a stand-alone CE-590 connected to a 72xx ISP router, located outside of our PIX. When the WCCP service is enabled, download speed (tested using the DSLExtreme site) is about 11MB, but if WCCP is disabled (or the cable is simply unplugged from the CE), then download speed jumps to 22MB.
    The part of config is below:
    Router:
    ip wccp web-cache
    ip wccp 53
    ip wccp 91
    ip wccp 98
    interface FastEthernet0/0
    ip address XXXX XXXX
    ip route-cache same-interface
    interface Serial3/0
    ip wccp web-cache redirect out
    ip wccp 53 redirect out
    ip wccp 91 redirect out
    ip wccp 98 redirect out
    CE-590
    wccp router-list 1 XXXX
    wccp web-cache router-list-num 1 l2-redirect
    wccp custom-web-cache router-list-num 1 port 8080 l2-redirect
    wccp rtsp router-list-num 1
    wccp dns router-list-num 1 l2-redirect
    wccp version 2
    Any help will be appreciated.

    Thank you for the reply. And I have some more info now.
    I did play with the L2 config and left it on, but L2 doesn't affect the speed. I have no control of the ISP router; I can only call them and ask for some changes (to add, to remove, etc). Their engineers cannot explain to me why they need the Loopback interface, but take a look at the output of the SHOW WCCP ROUTER command and part of the router's configuration. Maybe this is the reason???
    As you can see no Serial (Internet) interface is involved....
    X.X.X.X - is Router's Ethernet0
    Y.Y.Y.Y - is router's Loopback interface
    Z.Z.Z.Z - is Router's serial interface
    -CE-590#show wccp router
    Router Information for Service: Web Cache
    Routers Configured and Seeing this Content Engine(1)
    Router Id Sent To Recv ID
    Y.Y.Y.Y X.X.X.X 00007D5B
    Routers not Seeing this Content Engine
    -NONE-
    Routers Notified of but not Configured
    -NONE-
    Router Information for Service: Custom Web Cache
    Routers Configured and Seeing this Content Engine(1)
    Router Id Sent To Recv ID
    Y.Y.Y.Y X.X.X.X 00007D5B
    Routers not Seeing this Content Engine
    -NONE-
    Router Information for Service: DNS
    Routers Configured and Seeing this Content Engine(1)
    Router Id Sent To Recv ID
    Y.Y.Y.Y X.X.X.X 00007D5A
    Routers not Seeing this Content Engine
    -NONE-
    Routers Notified of but not Configured
    Router Information for Service: RTSP
    Routers Configured and Seeing this Content Engine(1)
    Router Id Sent To Recv ID
    0.0.0.0 X.X.X.X 0001163F
    Routers not Seeing this Content Engine
    X.X.X.X
    Routers Notified of but not Configured
    -NONE-
    Router Information for Service: WMT
    Routers Configured and Seeing this Content Engine(1)
    Router Id Sent To Recv ID
    0.0.0.0 X.X.X.X 00000000
    Routers not Seeing this Content Engine
    X.X.X.X
    Routers Notified of but not Configured
    -NONE-
    ROUTER:
    interface Loopback0
    ip address Y.Y.Y.Y 255.255.255.255
    no ip directed-broadcast
    interface Serial3/0
    description LAX-DC2--S8/1:8
    ip address Z.Z.Z.Z 255.255.255.254
    no ip directed-broadcast
    ip wccp web-cache redirect out
    ip wccp 53 redirect out
    ip wccp 91 redirect out
    ip wccp 98 redirect out
    interface FastEthernet0/0
    description
    ip address X.X.X.X 255.255.255.240
    ip access-group 194 in
    ip access-group 193 out
    no ip directed-broadcast
    ip route-cache same-interface
    Thanks again for help

  • Content Engine 565

    I have 2 Catalyst 6506 and 2 cache engines. I want to achieve transparent caching (clients have the proxy setting in IE).
    I have configured exactly what the user guide has shown.
    But I can't see the http traffic being redirected to the Content Engine.
    The http traffic goes out directly to the proxy server.
    Attached is the config file for one of the content engine and one of the catalyst 6506.

    The configuration looks ok to me. You could probably turn on some debugs to see what is happening. Also check the cache engine status. You could use the commands in this document to help you.
    http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_configuration_example09186a00801854c4.shtml

  • Content Engine multicast duration logs

    With Content Engines and a CDN solution, we deployed a multicast station (for non-live contents). With the transaction logs we were able to log access for the first connection to the content engine (as an http connection), but for our customer it would be useful to be able to track the connection time of each client to the multicast station. Is there a way to handle this?
    Thanks

    Well I am not sure if this is possible. You could however check the URL that the CE is caching. Here is the link to a document that explains how to do it.
    http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_tech_note09186a008009409e.shtml

  • Content Engine + Barracuda Spyware firewall (transparent/intercept proxies)

    Hello all.
    We are trying to get our WAE-511 content engine and our Barracuda Spyware Firewall 310 to work together.
    It seems they interfere with each other because they are both transparent (intercept?) proxies.
    What would need to be done/configured (preferably in the Cisco CE) to make the two devices work together?
    Would shifting the CE to non-transparent mode help?

    check out the following link, hope this helps :
    http://www.cisco.com/en/US/products/ps6469/products_user_guide_chapter09186a00804a16ab.html

  • Content Engine basic question

    I just started with a content engine and wanted to enable streaming media. Is there a way to enable streaming media?

    Thanks for your help. here is some info:
    Model: ce565
    Version: Release 5.2.5 (build b9)

  • PI7.11 - Still going thru Integration Engine and Can't find Receiver

    Scenario:
    ECC<-----SoapAdapter(Synch)> PI7.11 <JDBCAdapter(Synch)-->OracleDatabase
    Use of Local Processing required in this project.
    I've successfully completed Design work and then completed Integrated Configuration (all those tabs, Inbound processing, Receiver, Receiver Interfaces, Outbound Processing look correct)
    Then I did the ABAP backend communication on the ECC side
    (SM59-RFC Destination to point to AAE,
    then SXMIF - defined Sender Interface,
    then sxmb_adm - IE Engine Config.-->Specific Config where I added IS_URL.
    Ran my test from ECC.  It is still going thru IE engine and cannot find receiver.
    What am I doing wrong?  Please advise...
    Edited by: Maurice Gonsalves on Dec 8, 2010 2:53 AM

    I did.
    In SXMSIF,  I only created a sender ID (named it, RECONREPORT) where I
    Left Agency and Schema blank
    Party and Service: put *
    Request - Put my Sender Interface and Sender namespace
    Then in SXMB_ADM-->Specific config.
    I created a new entry of
    Category: Runtime
    Parameters: IS_URL
    Subparameter: I copied the text of Sender ID from SXMSIF and pasted it.
    Current value: dest://AAE_PEH
    on a different note, in SM59 I have
    RFC Destination: AAE_PEH
    Target host: put my java host
    Service no: put my java port here.

  • Business Engine and Integration Engine based on which Engine ABAP or Java

    give me information about Business Engine and Integration Engine based on which Engine ABAP or Java Engine.
    What is Xapps and how it is related to XI

    Hi Sridhar
    About your other question:
    an ESR ( enterprise services repository) is central to xApps, and XI enables ESR.
    You can find more info on xapps and the CAF ( composite application framework) here :https://www.sdn.sap.com/irj/sdn/docs?rid=/webcontent/uuid/831740fa-0c01-0010-fc94-8b312e7fec2d [original link is broken]
    Hope this helps
    Thanks
    Hari

  • Content Engine transaction logs -- monitoring and analysis

    At our remote sites there's a local Cisco CE511 to ease our WAN bandwidth. I have been tasked to find a method to gather CE usage for trending and troubleshooting.
    From my search on the internet I decided to go with the Webalizer application. I set up the CEs to export their transaction logs every hour to my FTP server. After a test of Webalizer on a log file, it produced a nice HTML report for that hour.
    I would like to discuss with anyone bringing this up to a new level. I would like Webalizer to run as a cron job, but the log file names change every hour. So that's a hurdle I need to figure out. Also, keeping track of user web hits is important. I would like to make sure my reports are accurate in reporting what IP address is the top talker.
    I hope this will start a productive exchange of ideas. Thanks.

    Simple Network Management Protocol (SNMP) is an interoperable standards-based protocol that allows for external monitoring of the Content Engine through an SNMP agent.
    An SNMP-managed network consists of three primary components: managed devices, agents, and management systems. A managed device is a network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and use SNMP to make this information available to management systems that use SNMP. Managed devices include routers, access servers, switches, bridges, hubs, computer hosts, and printers.
    An SNMP agent is a software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. The SNMP agent gathers data from the Management Information Base (MIB), which is the repository for information about device parameters and network data. The agent can also send traps, or notification of certain events, to the manager.
    http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080236630.html#wp1101506

  • Saturation on Content engine CE-565 and Smartfilter log

    Hi, with content engine CE-565-K9
    we have the following message log on the smartfilter:
    "Jun 25 08:19:03 cer44sec-pxy2.cer44.recouv cache: %CE-UNKNOWN-4-899999: too many jobs in plugin thread pool queue (1001). Maximum allowed is: 1000
    Jun 25 08:19:03 cer44sec-pxy.cer44.recouv cache: %CE-UNKNOWN-3-899999: Failed to start job to look up groups for user 'UR49100640'"
    I can't see how the thread number is limited on the CE565. So who can explain to me the meaning of this log and/or how to configure the maximum threads on the CE565?
    Thanks
    Michel

    Smartfilter uses a pool of 20 threads for LDAP lookups. What this error indicates is that the number of outstanding LDAP requests has grown to more than 1000 which is the limit supported.

  • Difference between Integration Engine and Integration server.

    Can anyone explain in detail the difference between Integration Engine and Integration Server?
    thanks in advance

    Integration Server and Integration Engine are used synonymously with each other. But there is a subtle difference if you actually look into the XI architecture images provided by SAP.
    The Integration Server contains,
    1. Adapter Engine
    2. Business Process Engine
    3. Integration Engine.
    So, taking this into the picture, I guess Integration Server is a collection of these 3 while Integration Engine is one of the runtime components of XI. All messages are processed in the Integration Engine.
    regards
    Bhavesh
