In many organizations, there is the need to have all clients pass through a unique proxy server to go out to the Internet in order to provide centralized authentication and logging of all outgoing HTTP requests. Cisco Cache Engine uses Web Cache Communication Protocol Version 2 (WCCPv2) to transparently redirect and cache such requests issued by the clients. This sample configuration provides high bandwidth and resource savings for all the traffic that goes to the parent HTTP proxy, and ultimately to the Internet.
There are no specific prerequisites for this document.
The information in this document is based on these software and hardware versions:
Cisco Content Engine 560 that runs Cisco ACNS Software Release 4.2.1
Cisco 2600 Router that runs Cisco IOS® Software Release 12.1.11(T)
HTTP proxy server
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
In this section, you are presented with the information to configure the features described in this document.
This document uses this network setup:
This document uses the configuration shown in this section.
All clients have configured their HTTP browser with HTTP proxy configured to the IP address 10.48.66.216 and port 8080. The Content Engine AGRA transparently redirects all requests to the HTTP proxy server JSH.
The http proxy outgoing origin-server command is issued. Therefore, if the upstream proxy server JSH is not responsive, the Content Engine redirects the request directly to the origin server and preserves transparency.
In the event that the clients are also authenticated on the HTTP proxy server, issue the http authentication header 407 command in order to preserve the authentication credentials entered by the client, and pass them to the upstream proxy server.
|Cisco ACNS 4.2.1|
! http proxy outgoing host 10.48.66.216 8080 primary !--- This command is issued for the Content Engine to pass all requests !--- to an upstream proxy server. http proxy outgoing origin-server !--- If the proxy server is not responsive, the Content Engine !--- forwards requests directly to origin server. http reval-each-request all !--- Only for testing purposes. The Content Engine revaluates each !--- request to the origin server. ! ! ! ! ! ip domain-name cisco.com ! ! interface FastEthernet 0/0 ip address 192.168.150.250 255.255.255.0 exit interface FastEthernet 0/1 shutdown exit ! ! ip default-gateway 192.168.150.1 ! primary-interface FastEthernet 0/0 ! ! ecdn enable ! ! ! ! ip name-server 126.96.36.199 ! ! logging facility local1 logging console priority debug !--- Only for testing purposes. Logging is enabled !--- to the console directly. ! ! ! ! ! wccp router-list 1 192.168.150.1 wccp port-list 1 8080 wccp custom-web-cache router-list-num 1 port 8080 !--- Customer web caching to redirect HTTP proxy requests to port 8080. wccp version 2 no wccp slow-start enable ! ! rule no-cache url-regex cgi-bin ! ! transaction-logs enable transaction-logs file-marker transaction-logs export enable ! ! username admin password 1 FwgIKhhg2Nn4Q username admin privilege 15 ! ! ! ! authentication login local enable authentication configuration local enable ! Cisco router 2600 running wccp: ! hostname giulio ! enable password ww ! ip wccp 98 !--- WCCP service 98 to transparently redirect !--- HTTP connections on port 8080. ! ! ! interface FastEthernet0/0 ip address 10.48.66.27 255.255.254.0 ip wccp 98 redirect out speed 100 full-duplex ! interface FastEthernet0/1 ip address 192.168.150.1 255.255.255.0 ip route-cache same-interface speed 100 full-duplex !
Use this section to confirm that your configuration works properly.
show http proxy —Displays status from the Content Engine of the HTTP proxy configuration.
agra#show http proxy Incoming Proxy-Mode: Not servicing incoming proxy mode connections. Outgoing Proxy-Mode: Primary Proxy Server:10.48.66.216 port 8080
The interval for outgoing proxy servers is 60 seconds. The timeout period for outgoing proxy servers that probe is 300,000 microseconds. The use of the origin server upon proxy failures is enabled.
debug http header—Displays HTTP proxy requests on the Content Engine.
Oct 9 10:47:57 agra cache: [[[GET http://www.cisco.com/ HTTP/1.0\r\nAccept: */*\r\nAccept-Language: en-us\r\nPragma: no-cache\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)\r\nHost: www.cisco.com\r\nProxy-Connection: Keep-Alive\r\n\r\n]]]
debug http proxy—Displays the request that is issued by the Content Engine to the upstream proxy JSH, 10.48.66.216:8080.
Oct 9 10:53:44 agra cache: Connecting to ip: 10.48.66.216, port 8080, rqst_server_addr ip: 10.48.66.216, port 8080
agra#tcpdump tcp !--- Sniffs only TCP packets. Kernel filter, protocol ALL, datagram packet socket tcpdump: listening on all devices 10:37:59.582303 eth0 > jsh.cisco.com.webcache > 192.168.150.217.2340: S 3150663558:3150663558(0) ack 1450975212 win 5840 <mss 1432,nop,nop,sackOK> 10:37:59.583628 eth0 > jsh.cisco.com.webcache > 192.168.150.217.2340: . 1:1(0) ack 218 win 5840 10:37:59.593258 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache: S 3153525366:3153525366(0) win 5840 <mss 1460,nop,nop,sackOK> !--- TCP connection established between ASD (HTTP Client) !--- and JSH (HTTP proxy server), which is spoofed by !--- AGRA (Content Engine). 10:37:59.596084 eth0 < jsh.cisco.com.webcache > agra.cisco.com.34987: S 3257871852:3257871852(0) ack 3153525367 win 17520 <mss 1460,nop,nop,sackOK> (DF) 10:37:59.596151 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache: . 1:1(0) ack 1 win 5840 !--- AGRA retrieves the content on behalf of the client. Note the !--- HTTP request on port 8080 (webcache). 10:37:59.611127 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache: P 1:212(211) ack 1 win 5840 10:37:59.742790 eth0 < jsh.cisco.com.webcache > agra.cisco.com.34987: . 1:1(0) ack 212 win 17309 (DF) ...
There is currently no specific troubleshooting information available for this configuration.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.