More information, if this helps to narrow it down...I have tried adjusting MTU sizes to try to solve this. When I set wccp0 to 1200, it seems to make no difference at all. When I set eth0 to 1200, ebay.com will not load at all. Other sites (presumably with smaller page?) can load OK. Also, very curious to me, I notice from a sniffer trace on the Squid box, that the SYN packet goes through the GRE tunnel, the SYN-ACK does not (seems to be a spoof from Squid back to client), and the final ACK goes through the tunnel. Is this normal?
________________________________ From: Shaun Skillin (home) Sent: Wed 9/20/2006 8:19 PM To: Henrik Nordstrom; Shaun Skillin (home) Cc: Squid Users Subject: RE: [squid-users] WCCPv2 current instructions? Hi Henrik, For this test, all of the clients are on the same LAN, 172.16.1.X/24. The firewall is 172.16.1.254, squid is 172.16.1.3, clients are .100-.199 (dhcp range). Client gateway is 172.16.1.252, which is a Cisco 3550 Layer 3 switch with IP redirects. I was wondering if I perhaps need to adjust the TCP MSS because we're using a GRE tunnel? I don't know if this is possible on an ASA firewall. I also heard something about vport? Shaun -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 20, 2006 1:48 PM To: Shaun Skillin (home) Cc: Squid Users Subject: RE: [squid-users] WCCPv2 current instructions? ons 2006-09-20 klockan 08:07 -0600 skrev Shaun Skillin (home): > more help. I've experienced a few times that certain websites (like > Ebay auctions) have problems. I can access most things on the site, but > certain functions just die horribly in timeout-land. When I put the > settings directly into the browser, I have no problem, but when running > transparent using WCCP I have this problem. Sites causing timeout problems when intercepted but not when using proxy configuration usually indicates an MTU related problem for traffic proxy->client. What does the network between your station and the proxy look like? Any path there with a MTU smaller than the standard ethernet? Regards Henrik
