VPN tunnel with WAAS card NME-WAE-502

Unanswered Question
Oct 16th, 2007

We have installed a NME-WAE-502 card in a remote Cisco 2811 router. The router is configured with a VPN-tunnel to the main site where the central inline wae resides.

From the remote site you can ping the central wae and vice versa. We can telnet back and forth as well.

The problem is that we cannot register the remote wae via the VPN tunnel...

The VPN tunnel works fine for other traffic, both tcp and udp.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Zach Seils Tue, 10/16/2007 - 04:07


What version of WAAS are you running? You may need to lower the optimized MSS to accommodate the tunnel/IPSec overhead? The CLI command is:

tfo tcp optimized-mss

This needs to be executed on the WAE's on both sides.


mathias.lindgre... Tue, 10/16/2007 - 04:18

I have entered (on both wae's)

tfo tcp optimized-mss 1250

tfo tcp original-mss 1250

The message I get when I try to register:

Registering WAAS Application Engine...

Sending device registration request to Central Manager with address 172.a.b.c

Failed to contact CDM 172.a.b.c(Unmarshaled: 9001). Please check connectivity with CDM device and

status of management service on CDM.

register: Registration failed.

cms: unable to register node

FAILED to enable management services


Zach Seils Tue, 10/16/2007 - 04:32

I can also suggest the following troubleshooting steps:

1. Verify you can telnet from the NME-WAE to the CM on port 443. This is the port used for communication between the NME-WAE and CM.

2. Verify the CMS service is running on the CM using the CLI command 'sh cms info' on the CM.

3. Ensure that no existing CMS tables exist on the NME-WAE with the config mode command 'cms der for' on the NME-WAE.


mathias.lindgre... Tue, 10/16/2007 - 04:59

1. sewae#telnet 172.a.b.c 443

Trying 172.a.b.c...

Connected to 172.a.b.c.

Escape character is '^]'.


Connection closed by foreign host.

2. Since I cannot register the CMS is not working.

3. Tried that as well. I have also restored factory defaults.

Zach Seils Tue, 10/16/2007 - 05:04

Have you tried restarting the CMS service on the CM? You should also check the CMS logs on both devices:


Finally I would suggest a packet capture on the CM to verify that the connection is established and packets are being exchanged during the registration process.



This Discussion