WCCP and 7600 - not redirecting traffic
I have a Blue Coat SG 210 connected to a 7600(SUP720). All web traffic is passing thru the 7600, WCCP config between the SG and 7600 are working. However traffic isn;t being redirected to Blue Coat..any idea why?
ip wccp 0 redirect-list BLUE-COAT group-list 90
Extended IP access list BLUE-COAT
1 permit tcp host 10.160.161.125 any eq www
2 permit tcp host 10.160.161.125 any eq 443
10 permit tcp host 10.160.161.199 any eq www
20 permit tcp host 10.160.161.199 any eq 443
Standard IP access list 90
8 permit 10.148.131.42 (2217 matches)
interface GigabitEthernet5/1
ip address 10.148.130.13 255.255.255.252
ip wccp 0 redirect in (I have tried both in/out)
ip pim sparse-dense-mode
ip route-cache flow
ip ospf network point-to-point
sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.148.135.253
Protocol Version: 2.0
Service Identifier: 0
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 0
Redirect access-list: BLUE-COAT
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: 90
Total Messages Denied to Group: 0
Total Authentication failures: 0
sh ip wccp 0 detail
WCCP Cache-Engine information:
Web Cache ID: 10.148.131.42
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Packets Redirected: 0
Connect Time: 05:52:10
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x0000003F 0x00000000 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
0000: 0x00000000 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0001: 0x00000001 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0002: 0x00000002 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0003: 0x00000003 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0004: 0x00000004 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0005: 0x00000005 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0006: 0x00000006 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0007: 0x00000007 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0008: 0x00000008 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0009: 0x00000009 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0010: 0x0000000A 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0011: 0x0000000B 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0012: 0x0000000C 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0013: 0x0000000D 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0014: 0x0000000E 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0015: 0x0000000F 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0016: 0x00000010 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0017: 0x00000011 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0018: 0x00000012 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0019: 0x00000013 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0020: 0x00000014 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0021: 0x00000015 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0022: 0x00000016 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0023: 0x00000017 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0024: 0x00000018 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0025: 0x00000019 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0026: 0x0000001A 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0027: 0x0000001B 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0028: 0x0000001C 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0029: 0x0000001D 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0030: 0x0000001E 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0031: 0x0000001F 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0032: 0x00000020 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0033: 0x00000021 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0034: 0x00000022 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0035: 0x00000023 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0036: 0x00000024 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0037: 0x00000025 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0038: 0x00000026 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0039: 0x00000027 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0040: 0x00000028 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0041: 0x00000029 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0042: 0x0000002A 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0043: 0x0000002B 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0044: 0x0000002C 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0045: 0x0000002D 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0046: 0x0000002E 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0047: 0x0000002F 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0048: 0x00000030 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0049: 0x00000031 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0050: 0x00000032 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0051: 0x00000033 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0052: 0x00000034 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0053: 0x00000035 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0054: 0x00000036 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0055: 0x00000037 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0056: 0x00000038 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0057: 0x00000039 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0058: 0x0000003A 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0059: 0x0000003B 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0060: 0x0000003C 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0061: 0x0000003D 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0062: 0x0000003E 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
0063: 0x0000003F 0x00000000 0x0000 0x0000 0x0A94832A (10.148.131.42)
Ilir,
How is this second group of users connected to the ASA? Their outbound traffic has to be going out the "inside" interface also. If they are on another port on the ASA, WCCP won't catch their traffic. i.e. You can't use the DMZ interface on an ASA and point its web traffic at a WSA that lives inside.
Ken
Similar Messages
-
Folder redirection configured in GPO does not create Documents folder and does not redirect
Hi
Another Folder Redirect-post - sorry for that, but I could not find an answer for my problem so far: even with consulting many threads here...
We have an existing environment under Windows XP and want to move away from that. Now I ran into troubles with folder redirection...
The following folder- and permission structure exists so far:
\\<server>\<Users$-share>: This is the base folder for all users-directories
-> Permissions: SYSTEM: Full / Administrators: Full / Users: Read&Execute, only this folder
-> Share-permissions: Authenticated users: Full control
\\<server>\<Users$-share>\<username>: base folder for the specific user
-> Permissions: SYSTEM: Full / Administrators: Full / User: Change, all permissions inherited onwards
-> Giving only change permission prevent further problems with self-called "advanced users"... ;-)
\\<server>\<Users$-share>\<username>\profil.V2: Profile directory of the user
-> Of course here the permissions are set by the system: override the predefined permission
\\<server>\<Users$-share>\<username>\daten: Atcual Home directory of the user
\\<server>\<Users$-share>\<username>\daten\Documents: Suposed Documents directory of the user
Now I am going to Server 2012 and Windows 8.1, configured the GPO to redirect Documents folder into the above mentioned:
GPO - User configuration - Policies - Windows settings - Folder Redirection - Documents:
Setting: Standart - redirects all folders to the same path
Destination folder: Copy to base directory of the user
I apply policy to the user, log out and in - it doesn't work, no folder Documents created in my home-folder, Folder Documents still configured at C:\Users\<user>\Documents
A very special point:
I also do Redirection of the My Pictures-folder: Define it to follow the Documents folder. Funnily that one works and creates and configures \\<server>\<Users$-share>\<username>\daten\Pictures
-> So in my eyes, it should work!
Then: I want to do the folder redirection without Offline Files, due to the fact, that our users work with dynamically assigned virtual desktops, which are been cleaned everytime a user logs off a machine. Therefore synchronizing doesn't make sense...
I just cannot see, why this redirection does not work :-(
Thank you very much for any help!
Kind regards
DavidHi David,
Before going further, would you please let me confirm the OS version of the Windows Server which you used to
configure folder redirection? Based on your description, did you mean that those users (who will be applied folder redirection settings) logged on Windows XP client computer?
When you configure the folder redirection setting in Document Properties (path:
User Configuration-> Policies-> Windows Settings-> Folder Redirection-> Documents), please check if you checked “Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating system” in Settings
tab. As below picture shows.
à
GPO - User configuration - Policies - Windows settings - Folder Redirection - Documents:
à•Setting: Standart
- redirects all folders to the same path
à•Destination
folder: Copy to base directory of the user
Would you please provide a screenshot of those settings you describe? Meanwhile, please summarily describe
that how you configure. For example, where this GPO link to? Or any other. It will help me to understand clearly. Thanks for your understanding.
In addition, please use
gpresult command to check if the folder redirection group policy was really applied.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
WCCP not redirecting users traffic from other subnets
Hello,
I have configured WCCP redirection on ASA for redirecting transparently http and https traffic.
I have configured a service ID 90 that contains 80 and 443 port. The ironport S160 has two interfaces, one for management and the other for data.
The interface used for data is on a different subnet that the inside interface of ASA where it is configured WCCP.
The problem is that the users that are in the same subnet with ironport data interface, their traffic gets redirected, while the traffic of the other users that are not in the same subnet with ironport data interface is not processed correctly from ironport and this users does not have internet access.
Any idea ?
BR,
IlirIlir,
How is this second group of users connected to the ASA? Their outbound traffic has to be going out the "inside" interface also. If they are on another port on the ASA, WCCP won't catch their traffic. i.e. You can't use the DMZ interface on an ASA and point its web traffic at a WSA that lives inside.
Ken -
Hello,
I am trying to redirect packets to a bluecoat proxy sg using WCCP on a 3750x stack with IP services.
I cant get the packets to redirect.
The bluecoat device is on the same vlan as the client traffic that I am trying to redirect.
It seems that when I apply the redirect on the vlan interface, the Bluecoat can see the traffic though.
(After it is applied, I can no longer access the websites, but the bluecoat device shows some activity)
SDM prefer is enabled.
Here is the config:
SiteA#sh run
Building configuration...
Current configuration : 7699 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SiteA
boot-start-marker
boot-end-marker
enable secret 5 $1$V1w8$6bmKd6oXWk//FH7/BaoFG.
username systemsgo privilege 15 secret 5 $1$vu8O$1uMdtS1Gzk12.YT3RObZO1
no aaa new-model
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
system mtu routing 1500
ip routing
ip wccp 90 redirect-list 115 group-list 15
vtp mode transparent
track 1 ip sla 1 reachability
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
ip ssh version 2
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
interface GigabitEthernet1/0/1
no switchport
ip address 192.168.20.2 255.255.255.252
speed 100
duplex full
interface GigabitEthernet1/0/2
no switchport
ip address 192.168.20.9 255.255.255.252
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/0/1
description *BlueCoat Proxy*
switchport access vlan 10
switchport mode access
interface GigabitEthernet2/0/2
switchport access vlan 10
switchport mode access
interface GigabitEthernet2/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
no ip address
interface Vlan10
ip address 10.10.20.3 255.255.255.0
standby 10 ip 10.10.20.1
standby 10 priority 110
standby 10 preempt
ip wccp 90 redirect in
router eigrp 1
network 10.10.20.0 0.0.0.255
network 192.168.10.0
network 192.168.20.0 0.0.0.3
redistribute static
ip local policy route-map IP_SLA_SiteA
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.20.10 track 1
ip sla 1
icmp-echo 4.2.2.2 source-ip 192.168.20.9
threshold 300
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
logging esm config
access-list 15 permit 10.10.20.220
access-list 101 permit icmp host 192.168.20.9 host 4.2.2.2
access-list 115 permit tcp 10.20.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 10.20.20.0 0.0.0.255 any eq 443
access-list 115 permit tcp 10.10.20.0 0.0.0.255 any eq 443
access-list 115 permit tcp 10.10.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 192.168.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 192.168.20.0 0.0.0.255 any eq 443
route-map IP_SLA_SiteA permit 10
match ip address 101
set ip next-hop 192.168.20.10
SiteA#
SiteA#show ip wccp 90
Global WCCP information:
Router information:
Router Identifier: 192.168.20.9
Protocol Version: 2.0
Service Identifier: 90
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: 115
Total Packets Denied Redirect: 52389
Total Packets Unassigned: 71
Group access-list: 15
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
SiteA#show ip wccp 90 detail
WCCP Client information:
WCCP Client ID: 10.10.20.220
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 0
Connect Time: 00:19:36
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x00000000 0x0000003F 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
0000: 0x00000000 0x00000000 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0001: 0x00000000 0x00000001 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0002: 0x00000000 0x00000002 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0003: 0x00000000 0x00000003 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0004: 0x00000000 0x00000004 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0005: 0x00000000 0x00000005 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0006: 0x00000000 0x00000006 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0007: 0x00000000 0x00000007 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0008: 0x00000000 0x00000008 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0009: 0x00000000 0x00000009 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0010: 0x00000000 0x0000000A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0011: 0x00000000 0x0000000B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0012: 0x00000000 0x0000000C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0013: 0x00000000 0x0000000D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0014: 0x00000000 0x0000000E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0015: 0x00000000 0x0000000F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0016: 0x00000000 0x00000010 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0017: 0x00000000 0x00000011 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0018: 0x00000000 0x00000012 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0019: 0x00000000 0x00000013 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0020: 0x00000000 0x00000014 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0021: 0x00000000 0x00000015 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0022: 0x00000000 0x00000016 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0023: 0x00000000 0x00000017 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0024: 0x00000000 0x00000018 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0025: 0x00000000 0x00000019 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0026: 0x00000000 0x0000001A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0027: 0x00000000 0x0000001B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0028: 0x00000000 0x0000001C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0029: 0x00000000 0x0000001D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0030: 0x00000000 0x0000001E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0031: 0x00000000 0x0000001F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0032: 0x00000000 0x00000020 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0033: 0x00000000 0x00000021 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0034: 0x00000000 0x00000022 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0035: 0x00000000 0x00000023 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0036: 0x00000000 0x00000024 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0037: 0x00000000 0x00000025 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0038: 0x00000000 0x00000026 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0039: 0x00000000 0x00000027 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0040: 0x00000000 0x00000028 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0041: 0x00000000 0x00000029 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0042: 0x00000000 0x0000002A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0043: 0x00000000 0x0000002B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0044: 0x00000000 0x0000002C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0045: 0x00000000 0x0000002D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0046: 0x00000000 0x0000002E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0047: 0x00000000 0x0000002F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0048: 0x00000000 0x00000030 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0049: 0x00000000 0x00000031 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0050: 0x00000000 0x00000032 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0051: 0x00000000 0x00000033 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0052: 0x00000000 0x00000034 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0053: 0x00000000 0x00000035 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0054: 0x00000000 0x00000036 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0055: 0x00000000 0x00000037 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0056: 0x00000000 0x00000038 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0057: 0x00000000 0x00000039 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0058: 0x00000000 0x0000003A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0059: 0x00000000 0x0000003B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0060: 0x00000000 0x0000003C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0061: 0x00000000 0x0000003D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0062: 0x00000000 0x0000003E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0063: 0x00000000 0x0000003F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
SiteA#
SiteA#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
SiteA#Hi Jon,
There are no more throughput issues.
Everything is working well. Thanks so much!
As for the WCCP,
I put the redirect acl on the L3 ports that connect back to 3750_3, but it is still not catching the traffic from the user vlan 20 on 3750_3. (We did however get it working for the server vlan in Site1 and Site2)
I'm not sure what you meant when you said:
Then you simply use site1 or site2's devices for web traffic.
Do I need to change the gateway for the users vlan in Site 3750_3 to something else?
Right now it is pointing to 10.20.20.1 on the 3750_3.
Below is what I have so far on the 3750_3.
I tried to force the traffic via PBR to the BlueCoat device, but that didnt seem to work either.
UserSite(config)#do sh run
Building configuration...
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname UserSite
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
system mtu routing 1500
ip routing
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
vlan 20
name clients
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
interface GigabitEthernet1/0/47
description *CERTES-MGMT-MAIN*
switchport access vlan 20
switchport mode access
interface GigabitEthernet1/0/48
description *MAN-LINE-TO-DC-MAIN*
no switchport
ip address 192.168.20.1 255.255.255.252
speed 100
duplex full
interface GigabitEthernet1/1/1
interface GigabitEthernet1/1/2
interface GigabitEthernet1/1/3
interface GigabitEthernet1/1/4
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
interface GigabitEthernet2/0/47
description *CERTES-MGMT-DR*
switchport access vlan 20
switchport mode access
interface GigabitEthernet2/0/48
description *MAN-LINE-TO-DC-DR*
no switchport
ip address 192.168.20.5 255.255.255.252
speed 100
duplex full
interface GigabitEthernet2/1/1
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
ip address 192.168.10.254 255.255.255.0
interface Vlan20
ip address 10.20.20.1 255.255.255.0
ip helper-address 10.10.20.30
router eigrp 1
network 10.20.20.0 0.0.0.255
network 192.168.10.0
network 192.168.20.0 0.0.0.7
offset-list 10 in 100 GigabitEthernet2/0/48
eigrp stub connected summary
ip local policy route-map PBR_Proxy
ip classless
ip http server
ip http secure-server
ip access-list extended Traffic2Proxy
permit tcp 10.20.20.0 0.0.0.255 eq www any
permit tcp 10.20.20.0 0.0.0.255 eq 443 any
ip sla enable reaction-alerts
route-map PBR_Proxy permit 10
match ip address Traffic2Proxy
set ip next-hop 192.168.50.220
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line vty 0 4
exec-timeout 30 0
privilege level 15
logging synchronous
login local
length 0
transport input telnet ssh
line vty 5 15
exec-timeout 30 0
privilege level 15
logging synchronous
login local
transport input telnet ssh
end -
Igoogle costantly redirects and will not open why? Cookies are ok.
Whenever I enter igoogle in the address box or click on igoogle in the bookmark bar a box appears with a message stating, redirected, do not try again as it will not work or words to that effect. How do I access igoogle? Tracking cookie are not blocked. Any help would be appreciated. Thanks.
See:
*Firefox > Options/Preferences > Advanced > General : Accessibility : [ ] "Warn me when web sites try to redirect or reload the page"
The setting in "Tools > Options > Advanced > General" is meant as an accessibility feature, as you can see by the label of that section, so that people with disabilities or people who use screen readers do not get confused and is not meant as a safety protection to stop redirecting.
See also:
*https://support.mozilla.org/kb/settings-network-updates-and-encryption#w_general-tab
*http://kb.mozillazine.org/accessibility.blockautorefresh
*http://kb.mozillazine.org/Accessibility_features_of_Firefox -
(Linecard image not present) at WS-SSC-600 and 7600-SIP-400
i install two modules WS-SSC-600 and 7600-SIP-400 in slot 5 and 6 in 13-slot chassis and give this output from show power (Linecard image not present)
for both cards.
supervisor engine is : VS-S720-10G with sub-module VS-F6K-PFC3CXL and VS-F6K-MSFC3
IOS : s72033-advipservicesk9-mz.122-33.SXI9
what that mean and how to fix it ?Ok problem solved by upgrade ios to another version but the new image must contains (_wan) in image name for example (
s72033-advipservicesk9_wan-mz.122-33.SXJ6 ) otherwise the two modules will not powered up. -
I don't know what other details I can give you. I get redirected when I want to go to most websites. How do I get rid of it?
Do a malware check with some malware scan programs. You need to scan with all programs because each program detects different malware. Make sure that you update each program to get the latest version of the database before doing a scan.
* http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
* http://www.superantispyware.com/ - SuperAntispyware
* http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
* http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
* http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and Searches are redirected to another site -
Single WAE \ WCCP \ Dual Routers - Slow Accelerated Traffic
Our standard WAE design was to have dual WAE's at sites with dual Routers.
The WAE's are either 674's or 574's and the routers are Cisco ISR's all works well.
Several new sites have coome online but these sites now only have a single WAE devcie and two WAN routers. Some users at
The issue I have now is that some "Accelerated" sessions via the WAE devices are reported by users as being very slow. When those sessions are removed from WAAS policy and set to pass through the user reports normal access again.
On looking at the problem I have possibly identified that the lack of the command;
ip wccp redirect exclude in on the router interface
But this command was never applied to the exisiting design, though potentialy under normal conditiaon where both routers and both WAE's are working it's never been a problem.
From Cisco;
In any scenario where egress redirection is used, the command above MUST be issued on the router interface adjacent to the WAE. This command, "ip wccp redirect exclude in", ensures that packets received on the interface are not redirected again. This prevents an optimized packet from being rerouted directly back to the WAE. Instead, with this command applied, the router would simply see the packet coming in and forward it normally (WCCP would be bypassed for packets received on that interface).
The WAE's are NOT L2 connected to the Routers so the following config is applied,
rtr no 1
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip cef
interface GigabitEthernet0/0
description *** Data LAN
ip address x.y.7.6 255.255.255.192
ip wccp 61 redirect in
ip wccp 62 redirect out
rtr no 2ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip cef
interface GigabitEthernet0/0
description *** Data LAN
ip address x.y.7.1 255.255.255.192
ip wccp 61 redirect in
ip wccp 62 redirect out
WAE Configprimary-interface Standby 1
interface Standby 1
ip address x.y.7.65 255.255.255.192
interface GigabitEthernet 1/0
standby 1 primary
exit
interface GigabitEthernet 2/0
standby 1
exit
wccp router-list 1 x.y.7.1 x.y.7.6
wccp tcp-promiscuous router-list-num 1
wccp version 2
Option 2 below is used. But all sites have DUAL Routers. Note Redirect Exclude is NOT configured.
Thanks in advance for any support offered.Thanks for your post, details below.
What do you mean by "sessions removed from WAE policy" ? Are you configuring static bypass on the WAE or are you excluding specific traffic with the WCCP redirect list ?
I am defining certain traffic as Passtrough via a ststic bypass on the WAE’s
- check if the slowness affects all the redirected traffic or just particular sources/destinations/applications
Recent testing has identified it just seems to affect a certain share, which I am investigating as this share has some kind of "Archive" solution in place.
- make sure that the WCCP redirect ACL matches both directions of the connections
It does
- check the redirect / return method that is being negotiated
All OK
- make sure both routers are seeing the WAE via WCCP
Yes they are
- check for "routing loop" in the WAE syslog.txt to understand if the WAE is receiving some traffic twice
Investigating and will post reply.
Are the affected connections showing up in the "show stat connection" output on the WAE ? If so, are they optimized or PT ?
They show as fully optimized when configured for the CIFS AO, but revert to PT when the static WAE policy is altered. -
We have two routers running the same IOS version in our core - c7200-is-mz.123-10a.bin. One terminates a number of tunnels and the other has a number of dialer interfaces associated with an ISDN PRI. Each of our site routers has a tunnel going to the core (via an ADSL connection) and a backup ISDN interface with a dialer configured. When we are running on the primary links everything works fine. When we are running on the backup links (the ISDN) WCCP redirection seems to prevent clients from accessing services on TCP in the core (I can telnet to the core ISDN router from a PC on site, but can't access anything else). Ping always works fine - hence my suspicions about WCCP. If I disable WCCP on the core router with the ISDN links backup connections work fine.
Our remote routers use c2800nm-advsecurityk9-mz.124-11.T4.bin.
My question is - is there any issue with WCCP redirection and dialer interfaces?
Below is the relevant config for the routers that don't work (addresses, names and numbers have been sanitized.
corerouter#
ip wccp 61
ip wccp 62
interface Dialer183
description Backup DoD for remote site
bandwidth 64
ip address 192.168.1.1 255.255.255.252
ip wccp 61 redirect out
ip wccp 62 redirect in
encapsulation ppp
dialer pool 2
dialer remote-name siterouter
dialer idle-timeout 300
dialer enable-timeout 60
dialer wait-for-carrier-time 10
dialer caller 222222
dialer-group 1
snmp ifindex persist
ppp authentication chap
End
siterouter#sh run
ip wccp 61
ip wccp 62
interface Dialer1
description Backup DoD to the core via ISDN
bandwidth 64
ip address 192.168.1.2 255.255.255.252
ip wccp 62 redirect in
encapsulation ppp
dialer pool 2
dialer remote-name corerouter
dialer idle-timeout 300
dialer enable-timeout 60
dialer wait-for-carrier-time 10
dialer string 111111
dialer caller 222222
dialer-group 2
ppp authentication chap
endZach,
I've tried that as you suggested and it made no difference. I had seen a bug on the bugtracker about process switched packets possibly not being WCCP redirected correctly, so I have also tried ensuring that CEF was enabled, and removing compression in case that made the packets process switch.
I have also tried removing the multilink and ensuring that only one ISDN B channel is pulled up for that dialer interface. That made no difference.
I have verified that it is the router in the core that is causing the issue because I can have the remote site connect to the core via ISDN and have WAAS optimise traffic from that remote site to another remote site via the core (if I disable WCCP in the core).
Thanks,
Peter -
I am new to WCCP and I am having trouble getting the Sophos Web Appliance to Connect to a 6509e port channel. The Web app is on a VM host and the host is connected to the 6509 by two interfaces on a port channel.
Here are the wccp parts of the config:
ip wccp web-cache group-list 98 password
Standard IP access list 98
10 permit 172.18.4.55 (1403 matches) (host)
sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.1.18.251
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: 98
Total Messages Denied to Group: 0
Total Authentication failures: 735
Total Bypassed Packets Received: 0
sh ip wccp web-cache view
WCCP Routers Informed of:
-none-
WCCP Clients Visible:
-none-
WCCP Clients NOT Visible:
-none-
#sho ip wccp web-cache det
WCCP Client information:
WCCP Client ID: 172.18.4.55
Protocol Version: 2.0
State: NOT Usable (Initializing)
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 00:00:04
Assignment: MASK
At one time I had the Server listed in WCCP Clients visible but, now it's gone. I am concerned about the State: NOT Usable (Initializing) statment. It is not changing. Has anyone had this problem? Of course Sophos said it was easy!
Thank you in advance.The fix is to white list download.acrocomcontent.com for future reference.
Bye! -
Redirecting traffic on SunOne 6.1 SP4
hi all,
i've got a web server running SunOne 6.1 SP4, and im trying to figure how to redirect traffic from 2 different locations.
the web server is accessed both thru the LAN and the Internet. how is it possible to re-direct traffic coming from an internal UP to another interanl IP and traffic from an external IP to an external IP.....?
currently im using the following in my obj.conf file. but this is re-directing all traffic to one location.
<Client security="false">
NameTrans fn="redirect" from="/" url-prefix="http://x.x.x.x/"
</Client>
how can i configure this to re-direct traffic coming from the LAN (these come from a 10.1.x.x segment) to another internal IP and traffic coming from the web to another external IP...?
any help on the matter would be highly appreciated.
thanks and regards,To Documentation team,
Here is what to do :
update in http://docs.sun.com/app/docs/doc/820-1643/6nda4qg75?l=en&a=view#abvau
Old Text :
<Client ip="~192.85.250.*">AddLog fn="flex-log" name="access"</Client>
New Text :
<Client ip="\*~192.85.250.\*">
AddLog fn="flex-log" name="access"
</Client>
Note that a * (asterisk) is required before ~ (tilda) and make these 3 separate lines. -
Iptables and tor, reroute all traffic for security... Help?
I'm attempting to route all TCP traffic that does not go through polipo through port 9040, tor's default TransPort. My web browser uses polipo to cache stuff, so I'd like to keep it in place if possible. However, all non-http traffic needs to be sent through the transPort. My current config, which does not take into account rerouting, is below:
# Generated by iptables-save v1.4.15 on Fri Oct 12 16:33:33 2012
#*nat
#:PREROUTING ACCEPT [12:3420]
#:INPUT ACCEPT [1:261]
#:OUTPUT ACCEPT [0:0]
#:POSTROUTING ACCEPT [0:0]
#-A OUTPUT ! -p tcp -m owner --owner-uid tor -j REDIRECT --to-ports 9040
#-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
#COMMIT
# Completed on Fri Oct 12 16:33:33 2012
# Generated by iptables-save v1.4.15 on Fri Oct 12 16:33:33 2012
*filter
:INPUT DROP [9:1175]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [8:488]
# allow loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# allow NTPD time syncs
-A OUTPUT -p udp --dport 123 -j ACCEPT
# allow tor
-A OUTPUT -j ACCEPT -m owner --uid-owner tor
-A OUTPUT -p tcp --dport 9040 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
# allow BitTorrent
-A OUTPUT -p tcp --dport 6969 -j ACCEPT
-A OUTPUT -p tcp --dport 51413 -j ACCEPT
-A OUTPUT -p udp --dport 51413 -j ACCEPT
# allow pings (still not working. fix?)
-A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
# allow traffic on established connections
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
# Completed on Fri Oct 12 16:33:33 2012
as you can see, I've already tried to redirect traffic using the --uid-owner polipo rule. So far, it's just caused iptables to spit out errors. I'm stumped, so I thought I'd come to you wonderful people at the Archlinux forums for help.Using the command you gave me, I found that the polipo user is indeed executing /usr/bin/polipo. Other than that, polipo is executing no processes.
I tried adding the following to my iptables rules nat section:
-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner polipo -j ACCEPT
-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner polipo -j REDIRECT --to-ports 9040
polipo now works, but the rest of my traffic that should go to the TransPort gets blocked.
[EDIT]
I'm now trying the same thing, except that I've chained privoxy with polipo like so:
browser > privoxy > polipo > tor > internet
my iptables rules look like this:
# Generated by iptables-save v2.4.15 on Fri Oct 12 16:33:33 2012
*nat
:PREROUTING ACCEPT [12:3420]
:INPUT ACCEPT [1:261]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
#-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner tor -j REDIRECT --to-ports 9040
-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner tor -m owner ! --uid-owner polipo -m owner ! --uid-owner privoxy -j REDIRECT --to-ports 9040
COMMIT
# Completed on Fri Oct 12 16:33:33 2012
# Generated by iptables-save v1.4.15 on Fri Oct 12 16:33:33 2012
*filter
:INPUT DROP [9:1175]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [8:488]
# general
-A OUTPUT -p tcp -m owner --uid-owner tor -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# allow loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow NTPD time syncs
-A OUTPUT -p udp --dport 123 -j ACCEPT
# allow tor
-A OUTPUT -p tcp --dport 9040 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 8123 -j ACCEPT
-A OUTPUT -p tcp --dport 8118 -j ACCEPT
# allow pings
-A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Fri Oct 12 16:33:33 2012
and it STILL won't route traffic right. iptables redirects to the TransPort, but any traffic passed through polipo or privoxy reveals "connection reset" error message. Help?
Last edited by ParanoidAndroid (2013-03-12 01:50:51) -
WAAS Rjct Resources and conditions for asymmetric traffic
Hello,
I have a customer network of 30 WAE's connected to an MPLS cloud. Interception method is inline for all WAE, and WCCP for NM-WAE.
Of those WAE's (running 4.1.1c), I have 3 that are connected in Datacenters, as such they are expected to receive most of the traffic and have been dimensioned as OE7341 appliances.
It is my impression that this network statistics are not as good as they should be: Some of the optimizations factor are at 1.2 or 1.3X and most are simply 1.0X.
My impression is that there is a lot of passthrough traffic, and although some of it is configured as so on the application policies, when I check statistics pass-through on several WAE's on the network I see that the Rjct Resources is very high in a particular WAE in a Datacenter - that has a 7341 Box (12Gb RAM!) - and I also do get non-zero counters on other boxes.
Is there any way to see on a given moment how many connections are going through the box so that I understand if I'm really facing a box capacity issue? The initial shows I did didn't look as there were that many connections running through the box, but if I checked them live I saw about 65 Rjct Resource connection at a given time.
Can anybody shed some light on this particular statistic?
sghmansin--17w#
sh statistics pass-through
Outbound
PT Client:
Bytes 4081578138946
Packets 11567591648
PT Server:
Bytes 8833662508567
Packets 13797553929
Active Completed
Overall 0 0
No Peer 7 141742513
Rjct Capabilities 0 0
Rjct Resources 65 273669865
App Config 6 25610854
Global Config 0 0
Asymmetric 1 1597096
In Progress 97 453847516
Intermediate 0 0
Overload 0 0
Internal Error 0 478
App Override 0 0
Server Black List 0 150553
AD Version Mismatch 0 0
sghmansin--17w#
One other observation is that pass-through through asymetric is also very frequent. Given that the customer is mostly using inline interception, even if a connection comes through a WAN/LAN interface pair and exits through another, the optimization should still be done.
The datacenter designs are dual-homed active/passive, and traffic goes through the same (and only) WAE box. The customer assures me that there is no asymetrical traffic.
Can anybody explain to me how is the decision made to mark a given flow as asymmetrical (and them pass-through it)?
Thanks
Gustavo NovaisHi Dan, Thank you for your reply.
That show was just from one of the boxes, in this case on the Datacenter.
For instance I also see asymetricals in NM-WAE's configured for WCCP. But the number is not that substantial, which makes me believe the interception is well configured (unfortunately the routers are managed by a third party, and I am yet to have access to their config).
All boxes on this network have Enterprise License activated.
How can I check on a given moment all connections count on the box? is there any MIB oid pollable to check that?
Do passthrough connections count to the overall limit?
While doing the diagnostics on the WAAS devices there was in deed a WAAS device marked as having asymetrical traffic, but many others have PT Asym connections and have not been marked as such by the diagnostics?
How does the diagnostic work? Is it a instantaneous dianostic (i.e. checks connection table at time T to see if any of the current connections is PT Asym )?
If on the far end of a connection we do have an asymetrical network topology, does the near end also mark the same connection as PT Asym, or will it simply say No Peer?
thanks
Thanks -
WCCP and WAN optimisation via Layer 3 connection
Hi There,
I need some help with WCCP, however with Riverbeds instead of WAAS.
The topology of the set up is as follows:
WAN - R1 - LAN - L3 Switch - Riverbed
The clients reside on the WAN side and the servers reside on the LAN side.
My business wishes to enable WCCP on two separate WAN routers to the single Riverbed. One router is fuly managed service, and the other rout the is managed by the business IT team.
All the articles that I have come across talk about enabling WCCP on the router whereby the WAN optimisation appliance is directly connected to a interface router. I need to configure WCCP to a Riverbed that is connected to a subnet that is a single hop away via a Layer 3 switch.
My plan is to enable WCCP in the inbound directions on both the LAN and WAN interfaces, however my concern is that this design will mean the traffic passing through the LAN side interface will be optimised twice.
Can any one confirm if this would happen? If it could happen can it potentially be stopped by placing a "ip wccp redirect exclude out" command on the LAN interface.
Thanks is advance for your help.Hi Andreas,
"ip wccp redirect exclude out" only makes sense if you have a "ip wccp redirect out"
on a L3 interface on the router.
It's purpose is to avoid redirecting an already optimised packet, comming from a L3-interface where the WAAS/Riverbed device is connected, once more.
A double redirect will, in a WAAS setup, cause the WAAS device to drop the packet, because
it suspects a routing loop... don't know what Riverbed does.
Running only with "ip wccp redirect in" on both the WAN and LAN interface will cause :
1) a packet comming in from the LAN, is supposed to be unoptimised, and will be redirected
2) a packet comming in from the WAN, is supposed to be optimised, and will also redirected
3) an IP-interface with only the WAAS/Riverbed connected should NEVER be redirected !
If you cannot isolate your WAAr/Riverbed in it's own L3 subnet (subinterface/VLAN),
and therefore have to place it in the "ordinary" LAN subnet, packets from the WAAS/Riverbed will becomes candidates for redirection (even with "ip wccp redirect in"), you'll need to use "WCCP negotiated Return", but don't know whether Riverbed supports this,
Riverbed normally uses "tunnels" on the WAN side, and this makes the WCCP setup somewhat different.
You should really consult the Riverbed documentation or their support
... or migrate to Cisco WAAS ;-)
Best regards
Finn Poulsen -
We have a CFTV system running on Win2008R2 that listens on 4 sequential port numbers and the last port is the Web Browser Port number for management and viwing cameras
When we configure the port 8077 on the software, it opens 8077, 8078, 8079 and 8080 and works with no problem
But...
When we try to configure ports 77 (and therefore 77, 78, 79 and 80) thw applications hangs and seems like not be possible to configure to use port 80
I could confirm that, using NETSTAT and the main CFTV application open all required ports with no problem, but only works on ports with a different number from "80", wich is what i want, to make users more confortable, avoiding to type ":PORT_NUMBER"
after the URL, it will be more "ellegant" solution to use default port 80 for user´s connections
The question is: How to do a PortForward/Port Proxy? Redirecting traffic from port 8080 to 80 on the SAME machine?
May i Use NETSH? (based on Help, it can be used to do this, but on different machines, not the same one)
There is a RELIABLE application, running as a service, that can do the port forward/redirect?Hi,
I’m sorry to tell you that we can’t redirect traffic from a port to another port on the same server itself. But we can do it with a router which is configured to portfoward.
By the way, according to your description, another program may use the port 80. Is there an IIS installed on the server? If it is necessary, you can consult your CFTV system vendor.
Hope this helps.
Steven Lee
TechNet Community Support
Maybe you are looking for
-
Itunes wont open because itfile was created in a newer version?
Hi all, I tried to download the new iphone software yesterday through itunes. It told me it was downloading a new version plus a new safari. It got half way through and the itunes part had a red X through it and didnt continue, instead it completed t
-
How to change Page Text in Book Module?
I am in the process of creating a 158 page photo book to be printed by Blub. I have created many other Blurb books using their BookSmart software. This is my first attempt using the Lightroom Book Module. My problem is I would like the change the d
-
How can I have a tv program no longer on ITUNE added back
i want to know that can you put back the power rangers on itunes and can you get the other power rangers and can you put back mighty morphin power rangers and can you get all the episode of power rangers and put it back on itunes and i want to know t
-
Which network ip address will my mobile clients receive
Hi folks I have an AP in my production site which has a vlan configured as native vlan and the ssid related to this vlan is being used for communication with other wireless bridges. The BVI interface of this AP is ofcourse having an IP of the native
-
Question marks instead of bullets in gmail
when testing this html email in gmail, there are question marks where there are supposed to be bullet points. any idea why? here's the page (which checks out as valid css and, except for a few alt tags, also checks out as valid html) http://clients.q