# Squid WCCP with Cisco ASA



## Bert Macklin (Jun 18, 2015)

I've been working with squid 3.3.11 and an ASA on version 8.4(2).  I have this configured to the point where WCCP encapsulated packets are being sent to the squid server interface, but squid doesn't appear to be doing anything with the traffic.  Enabling debug mode 80 for WCCP logging, I see the following written to the squid cache log


```
2015/06/15 15:13:48.052 kid5| wccp2.cc(956) wccp2Init: wccp2Init: scheduled 'HERE_I_AM' message to 1routers.
2015/06/15 15:13:48.059 kid5| wccp2.cc(956) wccp2Init: wccp2Init: scheduled 'HERE_I_AM' message to 1routers.
2015/06/15 15:13:48.063 kid5| wccp2.cc(961) wccp2Init: wccp2Init: skip duplicate 'HERE_I_AM'.
2015/06/15 15:13:48.064 kid5| wccp.cc(134) wccpConnectionOpen: WCCPv1 disabled.
2015/06/15 15:13:48.064 kid5| Accepting WCCPv2 messages on port 2048, FD 30.
2015/06/15 15:13:48.064 kid5| Initialising all WCCPv2 lists
2015/06/15 15:13:49.053 kid5| wccp2.cc(1594) wccp2HereIam: Sending HereIam packet size 144
2015/06/15 15:13:49.054 kid5| wccp2.cc(1594) wccp2HereIam: Sending HereIam packet size 144
2015/06/15 15:13:49.054 kid5| wccp2.cc(1192) wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 132.
2015/06/15 15:13:49.054 kid5| wccp2.cc(1331) wccp2HandleUdp: Incoming WCCP2_I_SEE_YOU Received ID old=0 new=43550.
2015/06/15 15:13:49.054 kid5| wccp2.cc(1192) wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 132.
2015/06/15 15:13:49.054 kid5| wccp2.cc(1331) wccp2HandleUdp: Incoming WCCP2_I_SEE_YOU Received ID old=0 new=97371.
2015/06/15 15:13:59.055 kid5| wccp2.cc(1594) wccp2HereIam: Sending HereIam packet size 144
2015/06/15 15:13:59.055 kid5| wccp2.cc(1594) wccp2HereIam: Sending HereIam packet size 144
```

It appears that the HereIam packets and I_SEE_YOU packets are communicating between the server and the ASA.  I do see WCCP encapsulated packets reaching the Squid server with the SYN requests when I try to browse the web from the client, but the squid access.log doesn't mention anything about this traffic.


```
Global WCCP information:
    Router information:
        Router Identifier:                  192.168.1.1
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Cache Engines:            1
        Number of routers:                  1
        Total Packets Redirected:            973
        Redirect access-list:                wccp-traffic-http
        Total Connections Denied Redirect:  10
        Total Packets Unassigned:            0
        Group access-list:                  wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:      0
        Total Bypassed Packets Received:    0

    Service Identifier: 70
        Number of Cache Engines:            1
        Number of routers:                  1
        Total Packets Redirected:            7712
        Redirect access-list:                wccp-traffic-https
        Total Connections Denied Redirect:  4
        Total Packets Unassigned:            31
        Group access-list:                  wccp-servers
        Total Messages Denied to Group:      0
        Total Authentication failures:      0
        Total Bypassed Packets Received:    0
```

Any help would be greatly appreciated!  Please let me know if any other information would be helpful.


----------



## SirDice (Jun 18, 2015)

Current version of www/squid is 3.5.5. I would update that first. It might be a bug and it might have been solved already.


----------



## Bert Macklin (Jun 18, 2015)

SirDice said:


> Current version of www/squid is 3.5.5. I would update that first. It might be a bug and it might have been solved already.


Unfortunately I can't update squid in this environment.  I was hoping to get some further troubleshooting steps or suggestions on how to proceed.


----------



## SirDice (Jun 19, 2015)

Squid 3.3 went end-of-life in December 2013 and is now considered dangerous to use.

http://wiki.squid-cache.org/Squid-3.3


----------

