In many organizations, all clients must pass through a single proxy server
to reach the Internet, so that all outgoing HTTP requests are centrally
authenticated and logged. Cisco Cache Engine uses Web Cache Communication
Protocol Version 2 (WCCPv2) to transparently redirect and cache the requests
issued by the clients. This sample configuration provides high bandwidth and
resource savings for all the traffic that goes to the parent HTTP proxy, and
ultimately to the
There are no specific prerequisites for this document.
The information in this document is based on these software and
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
In this section, you are presented with the information to configure
the features described in this document.
This document uses this network setup:
This document uses the configuration shown in this section.
All clients have their HTTP browser configured to use the HTTP proxy at
IP address 10.48.66.216 and port 8080. The Content Engine AGRA
transparently redirects all requests to the HTTP proxy server JSH.
The http proxy outgoing origin-server
command is issued. Therefore, if the upstream proxy server JSH is not
responsive, the Content Engine redirects the request directly to the origin
server and preserves transparency.
In the event that the clients are also authenticated on the HTTP proxy
server, issue the http authentication header 407
command in order to preserve the authentication credentials entered by the
client, and pass them to the upstream proxy server.
Cisco ACNS 4.2.1
http proxy outgoing host 10.48.66.216 8080 primary
!--- This command is issued for the Content Engine to pass all requests
!--- to an upstream proxy server.
http proxy outgoing origin-server
!--- If the proxy server is not responsive, the Content Engine
!--- forwards requests directly to origin server.
http reval-each-request all
!--- Only for testing purposes. The Content Engine revalidates each
!--- request with the origin server.
ip domain-name cisco.com
interface FastEthernet 0/0
ip address 192.168.150.250 255.255.255.0
interface FastEthernet 0/1
ip default-gateway 192.168.150.1
primary-interface FastEthernet 0/0
ip name-server 188.8.131.52
logging facility local1
logging console priority debug
!--- Only for testing purposes. Logging is enabled
!--- to the console directly.
wccp router-list 1 192.168.150.1
wccp port-list 1 8080
wccp custom-web-cache router-list-num 1 port 8080
!--- Custom web caching to redirect HTTP proxy requests on port 8080.
wccp version 2
no wccp slow-start enable
rule no-cache url-regex cgi-bin
transaction-logs export enable
username admin password 1 FwgIKhhg2Nn4Q
username admin privilege 15
authentication login local enable
authentication configuration local enable
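An added example, not part of the original Cisco document: a small audit of the Content Engine configuration above, flagging the settings that affect whether every request really reaches the parent proxy for authentication and logging. The function name, finding codes and the `clients_authenticate` parameter are assumptions made for this sketch; the commands it looks for are the ones shown on this page.

```python
import re

# Content Engine lines copied from the configuration above (subset).
SAMPLE_CONFIG = """\
http proxy outgoing host 10.48.66.216 8080 primary
http proxy outgoing origin-server
http reval-each-request all
logging console priority debug
wccp custom-web-cache router-list-num 1 port 8080
wccp version 2
"""

# Commands this page marks "Only for testing purposes".
TEST_ONLY = ("http reval-each-request all", "logging console priority debug")


def audit(config, parent_ip, parent_port, clients_authenticate=True):
    """Return a sorted list of finding codes (hypothetical names)."""
    lines = [ln.strip() for ln in config.splitlines()
             if ln.strip() and not ln.lstrip().startswith("!")]
    text = "\n".join(lines)
    findings = set()

    # The parent proxy that authenticates and logs must be configured.
    hosts = re.findall(r"^http proxy outgoing host (\S+) (\d+)", text, re.M)
    if (parent_ip, str(parent_port)) not in hosts:
        findings.add("PARENT_PROXY_MISSING")

    # Fallback path: requests go to the origin and never reach the parent.
    if "http proxy outgoing origin-server" in lines:
        findings.add("ORIGIN_FALLBACK_ENABLED")

    if any(ln in TEST_ONLY for ln in lines):
        findings.add("TEST_ONLY_COMMAND")

    # The page uses this command to pass client credentials upstream.
    if clients_authenticate and "http authentication header 407" not in lines:
        findings.add("NO_407_PASSTHROUGH")

    # WCCP must intercept the port the browsers use for the proxy.
    ports = re.findall(r"^wccp custom-web-cache .*\bport (\d+)$", text, re.M)
    if str(parent_port) not in ports:
        findings.add("WCCP_PORT_MISMATCH")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "10.48.66.216", 8080))
```

Whether `ORIGIN_FALLBACK_ENABLED` is acceptable is a policy decision: the fallback keeps clients online when JSH is down, at the cost of those requests skipping the parent proxy.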
Cisco router 2600 running wccp:
enable password ww
ip wccp 98
!--- WCCP service 98 to transparently redirect
!--- HTTP connections on port 8080.
ip address 10.48.66.27 255.255.254.0
ip wccp 98 redirect out
ip address 192.168.150.1 255.255.255.0
ip route-cache same-interface
Use this section to confirm that your configuration works
The Output Interpreter Tool (OIT) (registered customers only) supports
certain show commands. Use the OIT to view an analysis of show command output.
show http proxy—Displays the status of the HTTP proxy configuration
on the Content Engine.
agra#show http proxy
Incoming Proxy-Mode: Not servicing incoming proxy mode connections.
Outgoing Proxy-Mode: Primary Proxy Server:10.48.66.216 port 8080
The interval for outgoing proxy servers is 60 seconds. The timeout
period for outgoing proxy servers that probe is 300,000 microseconds. The use
of the origin server upon proxy failures is enabled.
debug http header—Displays HTTP proxy
requests on the Content Engine.
Oct 9 10:47:57 agra cache: [[[GET http://www.cisco.com/ HTTP/1.0\r\nAccept:
en-us\r\nPragma: no-cache\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.5;
Windows NT 5.0; T312461)\r\nHost: www.cisco.com\r\nProxy-Connection:
debug http proxy—Displays the request that
is issued by the Content Engine to the upstream proxy JSH,
Oct 9 10:53:44 agra cache: Connecting to ip: 10.48.66.216,
port 8080, rqst_server_addr ip: 10.48.66.216, port 8080
!--- Sniffs only TCP packets.
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
10:37:59.582303 eth0 > jsh.cisco.com.webcache > 192.168.150.217.2340:
S 3150663558:3150663558(0) ack 1450975212 win 5840 <mss 1432,nop,nop,sackOK>
10:37:59.583628 eth0 > jsh.cisco.com.webcache > 192.168.150.217.2340:
. 1:1(0) ack 218 win 5840
10:37:59.593258 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache:
S 3153525366:3153525366(0) win 5840 <mss 1460,nop,nop,sackOK>
!--- TCP connection established between ASD (HTTP Client)
!--- and JSH (HTTP proxy server), which is spoofed by
!--- AGRA (Content Engine).
10:37:59.596084 eth0 < jsh.cisco.com.webcache > agra.cisco.com.34987:
S 3257871852:3257871852(0) ack 3153525367 win 17520 <mss 1460,nop,nop,sackOK>
10:37:59.596151 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache:
. 1:1(0) ack 1 win 5840
!--- AGRA retrieves the content on behalf of the client. Note the
!--- HTTP request on port 8080 (webcache).
10:37:59.611127 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache:
P 1:212(211) ack 1 win 5840
10:37:59.742790 eth0 < jsh.cisco.com.webcache > agra.cisco.com.34987:
. 1:1(0) ack 212 win 17309 (DF)
There is currently no specific troubleshooting information available
for this configuration.