WAAS and firewalls

Answered Question
Feb 20th, 2008

I have a WAAS deployment where there is a reasonable amount of traffic that goes through a firewall. Logically speaking the traffic goes from client to waas to remote waas then through a firewall to the server. I believe that the WAAS devices use IP options to communicate between each other.

My question is if the firewall (a Cisco ASA) blocks IP options will this prevent WAAS from working in my topology? I know there is an inspect command to allow WAAS to work through a firewall, but there is a memory leak in that command under 7.2(3) so I would like to avoid using it if I can.

I have this problem too.
0 votes
Correct Answer by Zach Seils about 8 years 9 months ago

Peter,

WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.

Regards,

Zach

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Zach Seils Wed, 02/20/2008 - 18:18

Peter,

WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.

Regards,

Zach

pthaynes Wed, 02/20/2008 - 18:28

Zach,

Thanks for your help (and the quick response). That was the answer I was hoping for.

Regards,

Peter

Actions

This Discussion