WCCP on cisco 3725

Hi..I am beginner in WCCP technology. What is the minimum IOS version on the cisco 3725 to configure the WCCP?

WCCP is supported on the Content Engine software. The Cisco 2600/3600/3700 Series content engine modules support Cisco IOS Software Release 12.2(13)T and later. This link provides Web Cache Communication Protocol (WCCP) support for Cisco IOS software and Cisco Content Engine software.
http://www.cisco.com/en/US/customer/products/hw/contnetw/ps761/products_tech_note09186a0080094a77.shtml#topic1

Similar Messages

  • Possible interface issues on cisco 3725 router

    I have a router that has been working great for almost 2 years now, has had the occisonal reset due to power failures but, I have not adjusted the configuration for a long time, until today trying to diagnose the issue thats occuring.
    Here is the setup, a Cisco 3725, with three network interfaces, FE 0/0 connected to cable modem, FE 0/1 connected to the 10.0.1.x and FE0/1.10 vlan for call manager express ip phones. I then have a third interface FE 1/0 that acts as my DMZ where I keep servers. Both FE 0/0 and FE 1/0 are behind the NAT. Just yesterday I noticed that the internet traffic stops on the FE 0/1 interface after a few hours local VLAN routing works from FE0/1 to FE 1/0 and I can ssh into the router just no web traffic, I reset and it starts working again, odd thing is the DMZ still has internet during this entire time, which makes me think the interface is faling. Is there any logs or commands I can do when the interface fails again to see if its a bad interface on the router?
    I isolated the switch out of the question, hooked a non managed switch up while the internet was not working and tried to connect and got nothing as well.

    Try the below and see whether that works
    The inside interface of the PIX cannot be pinged from the other end of the tunnel unless the management-access command is configured in the global configuration mode.
    PIX-02(config)#management-access inside
    PIX-02(config)#show management-access
    management-access inside

  • Interleaving doesn't work properly for Cisco 3725 router, IP Plus IOS

    Dear All,
    I am deploying VoIP between 2 sites using Cisco 3725 routers. Currently, interleaving doesn't work properly which result in voice quality problem only during data trafic. Issuing "show int multilink 1" command, I realise that there is no interleaves even though VoIP call and data are traversing on the link.
    Attached here is the info for your reference.
    Any idea, please help.
    Thanks in advance.
    Duc

    Here is the info:
    VNHCMR01#sh call active voice brief
    : hs. + pid:
    dur hh:mm:ss tx:/ rx:/
    IP : rtt:ms pl:/ms lost://
    delay://ms
    MODEMPASS buf:/ loss /
    last s dur:/s
    FR [int dlci cid] vad: dtmf: seq:
    (payload size)
    ATM [int vpi/vci cid] vad: dtmf: seq:
    (payload size)
    Tele : tx://ms noise: acom: i/o:/ dBm
    MODEMRELAY info:// xid:/ total://
    speeds(bps): local / remote /
    Proxy :,,,,, endpt: /
    bw: / codec: /
    tx: /,/,/
    rx: /,/,/
    Telephony call-legs: 1
    SIP call-legs: 0
    H323 call-legs: 1
    MGCP call-legs: 0
    Total call-legs: 2
    12FF : 5798794hs.1 +202 pid:80 Answer 710 active
    dur 00:01:14 tx:3721/74420 rx:3721/74420
    Tele 0/0:15:424: tx:74420/74420/0ms g729r8 noise:0 acom:24 i/0:-50/-29 dBm
    12FF : 5798794hs.2 +202 pid:81 Originate 81555 active
    dur 00:01:14 tx:3721/74420 rx:3721/74420
    IP 159.12.56.1:19526 rtt:30ms pl:73890/40ms lost:0/1/6 delay:67/67/107ms g729r8
    Telephony call-legs: 1
    SIP call-legs: 0
    H323 call-legs: 1
    MGCP call-legs: 0
    Total call-legs: 2
    VNHCMR01#sh int mu1
    Multilink1 is up, line protocol is up
    Hardware is multilink group interface
    Description:
    Interface is unnumbered. Using address of FastEthernet0/0 (159.12.55.2)
    Backup interface Dialer1, failure delay 30 sec, secondary disable delay 30 sec,
    kickin load not set, kickout load not set
    MTU 1500 bytes, BW 256 Kbit, DLY 100000 usec,
    reliability 255/255, txload 33/255, rxload 13/255
    Encapsulation PPP, LCP Open, multilink Open
    Open: CDPCP, IPCP, loopback not set
    DTR is pulsed for 2 seconds on reset
    Last input 00:00:00, output never, output hang never
    Last clearing of "show interface" counters 00:00:50
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: weighted fair
    Output queue: 0/1000/64/0/0 (size/max total/threshold/drops/interleaves)
    Conversations 0/5/64 (active/max active/max total)
    Reserved Conversations 1/1 (allocated/max allocated)
    Available Bandwidth 56 kilobits/sec
    5 minute input rate 14000 bits/sec, 69 packets/sec
    5 minute output rate 34000 bits/sec, 72 packets/sec
    3062 packets input, 100509 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    3078 packets output, 298192 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
    0 carrier transitions
    VNHCMR01#sh ppp multilink
    Multilink2, bundle name is VNHANR01
    Bundle up for 02:47:34, 3/255 load
    Receive buffer limit 12192 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x145A1 received sequence, 0x21A41 sent sequence
    Member links: 1 active, 0 inactive (max not set, min not set)
    Se0/2, since 02:47:32, 320 weight, 312 frag size
    Multilink1, bundle name is VNBHCR01
    Bundle up for 16:07:32, 35/255 load
    Receive buffer limit 12192 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x2DB8D received sequence, 0x536BD sent sequence
    Member links: 1 active, 0 inactive (max not set, min not set)
    Se0/1, since 16:07:30, 320 weight, 312 frag size
    VNHCMR01#sh run int multilink 1
    Building configuration...
    Current configuration : 380 bytes
    interface Multilink1
    description
    bandwidth 256
    ip unnumbered FastEthernet0/0
    service-policy output llq
    backup delay 30 30
    backup interface Dialer1
    ip tcp header-compression iphc-format
    no ip mroute-cache
    ppp multilink
    ppp multilink fragment delay 10
    ppp multilink interleave
    ppp multilink group 1
    ip rtp header-compression iphc-format
    end
    VNHCMR01#show policy-map
    Policy Map llq
    Class voip-rtp
    Strict Priority
    Bandwidth 50 (%)
    Class voip-sig
    Bandwidth 8 (kbps) Max Threshold 64 (packets)
    VNHCMR01#show class-map
    Class Map match-any class-default (id 0)
    Match any
    Class Map match-any voip-sig (id 1)
    Match access-group name VoIP-SIG
    Class Map match-any voip-rtp (id 2)
    Match ip rtp 16384 16383
    VNHCMR01#

  • Cisco 3725 Router for Internet Connectivity

    Hi,
    We have en existing Internet connection using our Cisco 3725 router (ISP A). The router does the NAT and here's the existing default route:
    S* 0.0.0.0/0 [1/0] via 1.2.3.153
    This router has a "16 Port 10BaseT/100BaseTX EtherSwitch".
    Now we have a new Internet connection (ISP B). What I did was to configure two ports on the Etherswitch and added route maps:
    interface FastEthernet1/0
    description "ISP B to provider"
    no switchport
    ip address 4.5.6.66 255.255.255.252
    interface FastEthernet1/1
    description "ISP B to my network"
    no switchport
    ip address 4.5.7.225 255.255.255.248
    ip policy route-map ISPBInternetTraffic
    access-list 101 permit ip 4.5.7.224 0.0.0.7 any
    route-map ISPBInternetTraffic permit 101
    match ip address 101
    set interface FastEthernet1/0
    set ip default next-hop 4.5.6.65
    What I want to happen is that when the router sees the traffic coming from the public IPs of ISP B (4.5.7.224 /29) it will direct that to go out ISP B on F1/0.
    1. Is my configuration correct?
    2. Any suggestions, recommendations?
    3. Can I do load balancing or load sharing between the two ISPs?
    Best,
    Tony

    Hi Tony,
    Your question has already been answered here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd276a5

  • Sample RAS configuration of Cisco 3725

    Dear All,
    If anyone can help me with some sample RAS configuration of Cisco 3725 having one 1-Port Channelized E1/T1/ISDN-PRI Network Module & 12 Port Digital Modem Network Module.
    Thanks
    Suresh

    The configuration is not mine, I just took it from:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9bb5.html
    and I remove the extra lines (in the config is 1 to 48, but in your 3725 can be others depending in which module are installed). Also you have to check the lines of your modems. This is a useful link, but you can check it with show diag:
    http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080094691.shtml
    Config:
    controller T1 0
    framing esf
    clock source line primary
    linecode b8zs
    pri-group timeslots 1-24
    interface Serial0:23
    no ip address
    encapsulation ppp
    dialer rotary-group 0
    dialer-group 1
    no fair-queue
    no cdp enable
    interface Dialer0
    ip unnumbered Loopback0
    no ip mroute-cache
    encapsulation ppp
    peer default ip address pool dialin_pool
    dialer in-band
    dialer-group 1
    no fair-queue
    no cdp enable
    ppp authentication chap pap dialin
    ppp multilink
    ip local pool dialin_pool 10.1.2.1 10.1.2.50
    dialer-list 1 protocol ip permit
    line 1 48
    autoselect ppp
    autoselect during-login
    login authentication dialin
    modem DialIn
    Hope it helps
    -as

  • How to Configuration Cisco 3725 with NEC ASPILA EX

    Dear all;
    Now i have Cisco 3725 with 1-Port Channelized E1/T1/ISDN-PRI, i am connect to NEC ASPILA EX with PRI I/F (1PRIU-A1.
    The controller link state up, but when clients dialin to RAS not have ring back or not connect to RAS.
    anyone can help me?

    Hi;
    i'am config cisco as you recommended is "isdn protocol-emulate network" and "clock source should be internal". After the remote computer call to RAS it have modem signal and then connected, next time it disconnect. can i change some parameter for this problem or what i'am wrong?. I post config, status, and debug message for you. Help me..
    ===== show isdn status ===========
    #show isdn status
    Global ISDN Switchtype = primary-net5
    ISDN Serial2/0:15 interface
    ******* Network side configuration *******
    dsl 0, interface ISDN Switchtype = primary-net5
    Layer 1 Status:
    ACTIVE
    Layer 2 Status:
    TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
    0 Active Layer 3 Call(s)
    Active dsl 0 CCBs = 0
    The Free Channel Mask: 0xFFFF7FFF
    Number of L2 Discards = 0, L2 Session ID = 0
    Total Allocated ISDN CCBs = 0
    =============== sh controllers e1 2/0 brief ========
    #sh controllers e1 2/0 brief
    E1 2/0 is up.
    Applique type is Channelized E1 - unbalanced
    No alarms detected.
    alarm-trigger is not set
    Framing is CRC4, Line Code is HDB3, Clock Source is Internal.
    Module type is Channelized E1/T1 PRI
    Version info Firmware: 0000001D, FPGA: 0
    Hardware revision is 0.0 , Software revision is 29
    Protocol revision is 1
    number of CLI resets is 0
    receive remote alarm : 0,
    transmit remote alarm : 0,
    receive AIS alarm : 0,
    transmit AIS alarm : 0,
    loss of frame : 1,
    loss of signal : 1,
    Loopback test : 0,
    transmit AIS in TS 16 : 0,
    receive LOMF alarm : 0,
    transmit LOMF alarm : 0,
    ========== Interface config.=============
    controller E1 2/0
    clock source internal
    line-termination 75-ohm
    pri-group timeslots 1-31
    interface Serial2/0:15
    no ip address
    ip nat inside
    encapsulation ppp
    ip policy route-map nachi-worm
    dialer rotary-group 1
    dialer-group 1
    isdn switch-type primary-net5
    isdn protocol-emulate network
    isdn incoming-voice modem
    no fair-queue
    no cdp enable
    =================Debug Message when call to RAS ===========================
    Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: RX <- SETUP pd = 8 callref = 0x000B
    Bearer Capability i = 0x8090A3
    Standard = CCITT
    Transer Capability = Speech
    Transfer Mode = Circuit
    Transfer Rate = 64 kbit/s
    Channel ID i = 0xA9838B
    Exclusive, Channel 11
    Calling Party Number i = 0x0081, N/A
    Plan:Unknown, Type:Unknown
    Called Party Number i = 0x81, '075205600'
    Plan:ISDN, Type:Unknown
    Low Layer Compat i = 0x8090A3
    High Layer Compat i = 0x9181
    Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: TX -> CALL_PROC pd = 8 callref = 0x800B
    Channel ID i = 0xA9838B
    Exclusive, Channel 11
    Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: TX -> ALERTING pd = 8 callref = 0x800B
    Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: TX -> CONNECT pd = 8 callref = 0x800B
    Mar 6 22:40:35 BANGKOK: %ISDN-6-CONNECT: Interface Serial2/0:10 is now connected to unknown unknown
    Mar 6 22:40:46 BANGKOK: %ISDN-6-DISCONNECT: Interface Serial2/0:10 disconnected from unknown , call lasted 17 seconds
    Mar 6 22:40:46 BANGKOK: ISDN Se2/0:15 Q931: TX -> DISCONNECT pd = 8 callref = 0x800B
    Cause i = 0x8290 - Normal call clearing
    Mar 6 22:40:47 BANGKOK: ISDN Se2/0:15 Q931: RX <- RELEASE pd = 8 callref = 0x000B
    Mar 6 22:40:47 BANGKOK: ISDN Se2/0:15 Q931: TX -> RELEASE_COMP pd = 8 callref = 0x800B
    ==============================================

  • WAE-674 WCCP with 3725 router

    Hello all,
    This is a new install, I am trying to bring up a WAE-674 box at one my remote sites with 2 routers (a 3725 and a 2621) at this remote site and I am using WCCP for traffic redirection. I am having an issue with WCCP on the 3725 router, for some reason when I enable the command "IP wccp 62 redirect in" under the WAN serial interface I suddenly can no longer telnet to the fastethernet interface on the router but I can still ping it and still able to telnet to the loopback interface. And I have no issue with WCCP on the other 2621 router with the same config setup.
    Has anyone run into this issue before ? I appreciate any feedbacks on this !!!!
    I am running IOS version 12.3(14)T7 on the 3725 router and WAAS software version 4.1.1c
    Thanks in advance !!
    Danny

    You will want to explore CSCsg30875 to see how it applies to your installation
    CSCsg30875 wccp blocking telnet to router
    Since 12.3T is EOL, it probably was not tested and may or may not exist in that Cisco IOS track.
    End-of-Sale and End-of-Life Announcement for Cisco IOS Software Release 12.3T
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/prod_bulletin0900aecd803a0ffe.html
    Thank You,
    Dan Laden

  • Will Cisco 3750G takes 700 users WCCP redirection sessions?

     Hi,
    We are configuring WCCP in Cisco 3750G switches. We would like to know if it can take concurrent 700 users WCCP redirection session?
     If not then what is the maximum session we can achieve with this model? And what will be the next best model which can handle this load.
    Regards
    Asif

    Absolutely correct.
    Here is the URL for your reference:
    http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/basic_wccp.html#wp1143527
    Quoted from above:
    "WCCP redirection is supported only on the ingress  of an interface. The only topology that the ASA supports is when client  and cache engine are behind the same interface of the ASA and the cache  engine can directly communicate with the client, without going through  the ASA. "

  • WCCP redirections over IPv6

    Hi,
    I've a question related to WCCP and IPv6.
    Let's imagine a web-cache cluster, all the nodes dual stack (IPv4+IPv6) and all of them supporting WCCP (also IPv4+IPv6) for transparent web-cache, so they can cache either IPv6 or IPv4 web pages.
    Let's imagine one Cisco router that is also dual-stack and having WCCP support (AFAIK only for IPv4). I assume that the router and the web-cache nodes are able to communicate to each other through either IPv6 and/or IPv4 for any protocol different than WCCP. For WCCP only communication through IPv4 is feasible (IPv4 only support for WCC in the cisco router).
    My question is what about the port-80 IPv6 traffic (http queries indeed) forwarded to the router from the user's hosts?
    Would such a traffic be forwarded to the external IPv6 HTTP public server (like no-http traffic)?
    Would such a traffic be forwarded to the web-cache farm (like IPv4-http traffic does) in spite of WCCP supports only IPv4?
    In other words, the IPv4-only-WCCP capable cisco router (but dual-stack) inspects only the IPv4 packets looking for the TCP-80 port or it does it also for IPv6 packets?
    Regards
    Miguel

    This URL should help you:
    http://www.cisco.com/en/US/products/ps6350/prod_bulletin09186a0080457b39.html

  • How can I mirror all ports on CISCO 3750 switches to one Gigabyte port?

    Hi,
    I have a requirement to mirror all the ports on my 7 CISCO 3750 switches, which are in 3 separate stacks, to one single Gigabyte Ethernet port.
    Does anyone know how I can do that?
    Thanks in advance.

    Vlad, thanks a heap for your response.
    I want to apply to my sitation. Please let me know if I get them right in the following:
    Catalyst A
    vlan 901
    remote-span
    monitor session 1 source interface fastethernet 1-48 (I want to monitor all ports on the CISCO 3725)
    monitor session 1 destination remote vlan 901
    Catalyst B
    vlan 901
    remote-span (If I don't need to monitor this switch, do I still need to put anything into this switch at all?)
    Catalyst C
    vlan 901
    remote-span
    monitor session 1 source interface fastethernet 1-48 (I want to monitor all ports on this switch as well)
    monitor session 1 source remote vlan 901
    monitor session 1 destination interface gigabitethernet 3 (There are 4 Gigabit Ethernet Uplink in CISCO 3750, I want all the traffic to go to port 3, is this the right way to do?)
    Thanks in advance.

  • Host-4215-3725 no link

    Good day Everyone! I've read all of cisco guides but I can't figure out why I'm experiencing the following problem:
    1. I have'got 4215 in inline mode
    2. Windows host with 10.0.3.1/24,10.0.3.254 (ip\mask, gateway) is on fa0/1 interface and Cisco 3725 is on fa1/0 port of the sensor.
    3. I've got the following configuration on Cisco 3725 interface:
    interface FastEthernet2/12
    switchport access vlan 23
    interface Vlan23
    ip address 10.0.3.254 255.255.255.0
    ip access-group IDS_vlan23_out_1 out
    ip nat inside
    ip virtual-reassembly
    4. the sensor has the following configuration:
    inline-interfaces pair-0
    no description
    interface1 FastEthernet0/1
    interface2 FastEthernet1/0
    service analysis-engine
    virtual-sensor vs0
    logical-interface pair-0
    5. if I issue "packet display FastEthernet0/1" of "packet display FastEthernet1/0" on the sensor I see the same:
    traffic from Cisco 3725 OSPF hellos:
    18:57:32.329981 802.1d config 8000.00:0b:46:fc:95:50.805d root 8000.00:0b:46:fc:95:50 pathcost 0 age 0 max 20 hello 2 fdelay 15
    BUT! The problem is I do not have a physical link on my Windows host to the network (the red cross on network connection Icon on the bottom right side of the toolbar)
    Can anyone please give me a hint what I've done wrong?
    Thanks in Advance!

    What type of cable are you using to connect the Host with the sensor?
    Are you using a crossover cable?
    With 10/100 ports, a crossover cable is needed when connecting 2 Hosts.
    When planning the cabling remember that the IDS-4215 acts like an end host (as do routers) instead of a switch or hub.
    Normally the switch or hub does the crossover internally so a straight through cable is used when connecting a Host to a switch or hub. BUT when connecting a Host to a Host (or sensor, or router) the cross over must be externally by using a cross over cable.
    If you are already using a crossover cable, then the next thing to determine is if there is a problem with speed and duplex negotiation.
    You might try hard coding both the Host and sensor to use 100 Mbps Full Duplex. Bu hardcoding both sides you won't have to worry about auto negotiation.
    NOTE: If using 10/100/1000 interfaces on both the Host and Sensor you likely could have used a straight through cable. The When neogiating to 1 Gbps the NICs can detect the difference between a straight through and cross over cable and adjust to use either type in most circumstances.
    BUT most 10/100 interfaces generally lack this capability and require a cross over cable when connecting from Host to Host.

  • NME-WLC8-K9 and 3725

    Will the NME-WLC8-K9 work on the Cisco 3725? Will there be a problem if there is a L3 switch between the router where the NME-WLC8 is plugged in and the L2 switches where the LAPs are connected?

    That will work just fine. The ap's will just need to have connectivity back to the to the wlc. Now it depends on how you stage the lap's to be able to join the wlc.
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml#backinfo
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080665cdf.shtml#conf

  • Symantec web filter cloud server with wccp

    Hi All,
    My web filter is now from symantec cloud.  Which I created a vm windows 2008 r2 and install the client site proxy.  So all user now are using proxy settings on that local server IP with the port 3128.  
    Is it possible to make that server connect to wccp on cisco asa 5515x?  It's annoying to have proxy settings especially on smart phones.  I don't know if symantec have a linux CSP version, maybe wccp will work fine with a linux server.
    Thanks and more power.

    Hello Phillipe,
    Yes, You nail it down.
    With this Setup the asa is going to generate a Router ID and Just like OSPF is going to use the higher Ip . In this scenarios should use the interface where the Iron port is. But sometimes the higher is the outside interface ( public one) so we are going to have an issue and there is no solution . The Iron Ports servers can handle this. Other than those ones cannot.
    Just like OSPF is going to use the higher Ip as the Router Identifier so when he SENDS the packets to the server is going to send it with the wrong ip
    Regards

  • How many calls cisco 3745 router can support?

    I want to select a router as GK for 1000 users which located in different site with about 10 GW. Cisco 3725 or 45 is ok?
    Is it must for CCM server?

    It is beased mainly on port size for the type of voice circiut you are using. FXO,FXS E&M low volume and users. T1 PRI or CAS 23-24 calls per circuit to the PSTN. I am not sure of the realestate on the back plan ,but I am sure it is plenty. I have 600 hundred off of a 2621 4 pri circuits in it.

  • Ironport not allowing different subnet using cisco dhcp

    Recently i configured new vlan on remote site and directed it to backup  link, but strange thing is our wireless clients proxy is working and lan  connected pcs proxy is not working,
    Ironport is working on default vlan, microsoft dhcp server but i created  different vlan and configured dhcp on cisco but it is not allowing  access that subnet. using wccp redirect on the interface.
    we configured NTLM authentication connecting to AD, the problem is the  clients which are different vlan is not in AD, and AD pc in different  vlan is working only non AD denied actually we configured guest on  authenticaion, and also that subnet is placing remote site and our main  site's unknown pcs are accessing throught guest no problem, 2nd thing is  main vlan uses MS server 2003 dhcp pool and working non AD users, im  using switch own dhcp pool for vlan 200, is it conflict? and when i put  ironport ip on IE's proxy setting it is working
    How to fix it?

    Network Side:   
                           ---->Cisco 2800-1 (Gre Configured) --> Sat Link-->Cisco 2800-2(Gre Configured)--->
    End Users->1-L3->                                                                                                  ---->L3-2(WCCP)---Ironport
                           ---->Cisco 2800-3 (MPLS Configured ) --> Sat Link-->Cisco 2800-4(MPLS Configured)--->
    Our network is like this, so through MPLS everything is working fine. The problem is on backup.
    End users --> VLAN 1, VLAN 200  and VLAN 1 is default and our AD users, AD users working okay but looks like depending on some operating system Win XP, Win 7 some of them not working, and for VLAN 200 is all unknown pc.
    1-L3 doing only routing role.
    Cisco 2800-1 and 2800-2 both also configured routing and Gre tunnel.
    Cisco 2800-1 Configs
    crypto isakmp policy 2
    encr 3des
    authentication pre-share
    crypto isakmp key *** address 10.1.9.254
    crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec profile VPN
    set transform-set 3DES-SHA
    interface Loopback0
    ip address 1.2.2.1 255.255.255.252
    interface Tunnel0
    bandwidth 1024
    ip address 10.1.9.250 255.255.255.252
    ip mtu 1300
    tunnel source 10.2.9.254
    tunnel mode ipsec ipv4
    tunnel destination 10.1.9.254
    tunnel protection ipsec profile VPN
    service-policy output QoSTunnel
    interface GigabitEthernet0/0
    description Connected to Satellite Modem
    bandwidth 1024
    ip address 10.2.9.254 255.255.255.252
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description Connected to L3-Switch
    ip address 10.2.5.253 255.255.255.240
    ip nbar protocol-discovery
    duplex auto
    speed auto
    service-policy input block-p2p
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 Tunnel0
    ip route 1.2.1.1 255.255.255.255 Tunnel0
    ip route 10.1.0.0 255.255.224.0 Tunnel0
    ip route 10.1.5.240 255.255.255.240 Tunnel0
    ip route 10.1.5.254 255.255.255.255 10.1.5.253
    on the WCCP configuration L3-2
    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   192.168.0.1
            Protocol Version:                    2.0
        Service Identifier: web-cache
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets s/w Redirected:        4
              Process:                           2
              CEF:                               2
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            2970
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0
    sh ip wccp int
    WCCP interface configuration:
        Vlan6
            Output services: 0
            Input services:  1
            Mcast services:  0
            Exclude In:      FALSE
        Vlan7
            Output services: 0
            Input services:  1
            Mcast services:  0
            Exclude In:      FALSE
        Vlan8
            Output services: 0
            Input services:  1
            Mcast services:  1
            Exclude In:      FALSE
    interface Vlan6
    ip address 10.1.0.254 255.255.224.0
    no ip redirects
    ip wccp web-cache redirect in
    ip access-list standard wccp_grp_list
    permit 10.1.7.253 ## Ironport IP ##
    ip access-list extended wccp_redir_list
    permit tcp 10.1.0.0 0.0.31.255 any eq www
    permit tcp 10.2.0.0 0.0.31.255 any eq www
    permit tcp 10.2.1.0 0.0.0.255 any eq www ## VLAN 1 Users ##
    permit tcp 10.2.11.0 0.0.0.255 any eq www ## VLAN 200 Users ##
    and Static routings on L3-2.
    On Ironport.
    connected NTLM to Domain server
    Service Profile Name:
    Service:
    Standard service ID: 0 web-cache (destination port 80)
    wccp_redir_list
    Router ip address: 10.1.7.254
    Load Balancing : Allow hash and mask
    Forwarding method: Allow GRE or L2
    Return method: Allow GRE or L2
    Default Route : to Router IP
    And configured Guest privileged so if unknown pc will connect it should go through Guest privilege.
    Global Authentication Settings
    Action if Authentication Service Unavailable:    Block all traffic if authentication fails
    Failed Authentication Handling:    Log Guest User by: IP Address
    Re-authentication:    Disabled
    Basic Authentication Token TTL:    18000
    Transparent Proxy Mode Authentication Settings
    Credential Encryption:    Disabled
    Redirect Hostname:    proxy
    Credential Cache Options:    Surrogate Timeout: 3600 seconds
    Client IP Idle Timeout: 3600 seconds
    Cache Size: 8192 entries
    User Session Restrictions:    Disabled
    Secure Authentication Certificate:    Common name:    IronPort Appliance Demo Certificate
    Organization:    IronPort Systems, Inc.
    Organizational Unit:   
    Country:    US
    Expiration Date:   
    Basic Constraints:    Not Critical
       Enable Identity
    Name:       
    (e.g. my IT policy)
    Description:    
    Insert Above:   
    Membership Definition
    Membership is defined by any combination of the following options. All criteria must be met for the policy to take effect.
    Define Members by Subnet:    
    (examples: 10.1.1.1, 10.1.1.0/24, 10.1.1.1-10)
    Define Members by Protocol:    
    All protocols
    HTTP/HTTPS Only 
    Native FTP Only
    Define Members by Authentication:   
    Select a Realm or Sequence:   
    Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
    If a user fails authentication:     Support Guest privileges   
    Authorization of specific users and groups is defined in subsequent policy layers
    (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
    Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
    IP Address
    Persistent Cookie
    Session Cookie
    Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
    If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
    Advanced
    Use the Advanced options to define or edit membership by proxy port, destination (URL Category), or User Agents.
    The following advanced membership criteria have been defined:
    Proxy Ports:    None Selected
    URL Categories:    None Selected
    User Agents:    None Selected
    Use: NTLMSSP
    Identity Policies: Global Group
    Settings for Global Policy
    Define Members by Authentication:    Require authentication
    Select a Realm or Sequence:    NTLMSSP
    Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
    If a user fails authentication:     Support Guest privileges   
    Authorization of specific users and groups is defined in subsequent policy layers
    (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
    Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
    IP Address
    Persistent Cookie
    Session Cookie
    Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
    If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
    But the problem is it is not forwarding Guest privilege and browser stuck when loading .

Maybe you are looking for

  • Windows 8.1 crashing/rebooting

    My windows 8.1 is rebooting multiple times per day. I've uploaded all the dmp files to my skydrive. Here's the output/report for WhoCrashed.  I'm not sure how to troubleshoot from here. computer name: P6X58D-FLL windows version: Windows 8 , 6.2, buil

  • PC crashes as soon as I connect my iPhone 4.

    I've recently updated all my Apple applications, and iPhone 4 to iOS 7.  Ever since then, my computer has been acting really strange.  I thought my computer was infected, so I did a few virus scans.  Fortunately, nothing came up in the virus scan res

  • EXPORT_MD_TO_FILE

    Hello All, I am trying to run the standard EXPORT_MD_TO_FILE Data Manager Package. I'm having an issue with any descriptions that have a comma. If the description has a comma, it splits it into another column in the export. Thus, if I have: ID       

  • For those of you who ordered your macbook online

    I recently ordered a macbook from the online store, and I was wondering if any of you who ordered yours online know where apple ships their products from. I've hear a myriad of answers, from Taiwan to Shanghai to Cupertino. Thanks in advance.

  • Need to update my Logic 7.0.1 on my OS X 10.5.5

    Hi. Can you please help me. I've had Logic 7.0.1 for over 3 years. Never connected to the internet for updates. I just recently upgraded my OS from 10.4 to 10.5 and starting to notice some problems using my LOGIC 7.0.1. I visited the apple website to