Configure mode negotiation

  • The Packet Forward Method determines how traffic is transmitted from the WCCP router to the proxy.
  • The Packet Return Method specifies the method used to return traffic back to the WCCP router.
Important:

If you change the forward/return method configuration while there is an active connection with the WCCP device, in order to re-negotiated the method you must force the current connection to terminate. Typically, this means turning off the service group on the WCCP device for 60 seconds. See the documentation for your WCCP device.

If multiple proxies are installed in your environment, each with WCCP enabled, but configured with different Packet Forward and Packet Return Methods, traffic may not be processed. Some routers support only a single Packet Forward Method within a group and may forward packets to the other proxies using a method they do not support.

Typically the router supports only one method, and the forward and return methods match.

Steps

  1. If traffic is routed to the proxy by a Cisco ASA firewall, in the Special Device Profile drop down box select ASA Firewall. When this option is selected, GRE is automatically selected for both Packet Forward Method and Packet Return Method. These settings cannot be changed.
  2. If traffic is routed to the proxy by a router or switch, select the Packet Forward Method (L2 or GRE) and Packet Return Method that matches the capabilities and position of your router or switch.

    If Content Gateway is configured with a Forward/Return method that the router does not support, the proxy negotiates the method supported by the router.

    • If L2 is selected, L2 is automatically selected as the return method (GRE is not an option).
      Important: Selecting L2 requires that the router or switch be Layer 2-adjacent (in the same subnet) as Content Gateway.
    • If GRE is selected, for each router in the service group a unique Content Gateway tunnel endpoint IP address must be specified in the WCCP Routers section (see the “Provide router information” step, below).
      Important:

      GRE cannot be used with WCCP multicast mode.

      GRE return, as documented by Cisco (see this site), is fully functional in all deployments. GRE enhanced tunnel return, in which the proxy forwards traffic back to the router, is only available on an appliance. Contact Technical Support for information on how to enable the functionality.