On 2025-07-10 06:39, MAB IT System wrote:
Dear Squid team,
I’m currently working on deploying Squid as a transparent proxy using
WCCPv2 with a Cisco ASA firewall.
The ASA selects a router ID x.x.x.x automatically and uses GRE
encapsulation. However, in my Squid configuration, I’m using
wccp2_forwarding_method gre.
I’ve confirmed that:
- UDP traffic on port 2048 between Squid and the ASA is working correctly.
- Squid receives WCCP messages (`HERE_I_AM`, `I_SEE_YOU`) but logs
errors like:
`ERROR: Ignoring WCCPv2 message: check failed: duplicate security
definition`
You are probably suffering from Squid Bug 5179:
https://bugs.squid-cache.org/show_bug.cgi?id=5179
FWIW, there is a (currently dorman) PR with a proposed fix draft:
https://github.com/squid-cache/squid/pull/970
Any insights, suggestions, or recommended configuration would be greatly
appreciated.
Squid WCCP code has many problems. AFAICT, no Squid developer is
currently focusing on addressing them.
HTH,
Alex.
- ASA logs show that Squid is visible but marked as “NOT Usable” and
gets 0% hash allocation.
- I’m running Squid version 5.9 on Linux Ubuntu.
Questions:
1. Is there a known issue when using `wccp2_forwarding_method gre` with
devices that support GRE?
2. Could Squid gracefully fallback or detect ASA’s redirect mode
automatically?
3. Is there a specific Squid version better suited for WCCPv2 with GRE only?
Any insights, suggestions, or recommended configuration would be greatly
appreciated.
Thank you for your support and great work on Squid.
Best regards,
Assoham AWOUTOU
MACHAERO
******************************************************************************
The information contained herein may be company confidential and
proprietary. The information is intended only for the use of the named
individual or entity. If you are not the intended recipient, the
employee or agent responsible for delivering it to the intended
recipient, you are hereby notified that any use, dissemination,
distribution or copying of this communication is strictly prohibited. If
you have received this communication in error, please notify the sender
(and delete it from your systems) immediately. The information herein is
not warranted to be free of virus or any other defect that may affect
the recipient's computer system and it is your responsibility to carry
out appropriate virus checks of this email and attachments (if any).
******************************************************************************
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
