Solved: WAAS and firewalls

pthaynes · ‎02-20-2008

I have a WAAS deployment where there is a reasonable amount of traffic that goes through a firewall. Logically speaking the traffic goes from client to waas to remote waas then through a firewall to the server. I believe that the WAAS devices use IP options to communicate between each other.

My question is if the firewall (a Cisco ASA) blocks IP options will this prevent WAAS from working in my topology? I know there is an inspect command to allow WAAS to work through a firewall, but there is a memory leak in that command under 7.2(3) so I would like to avoid using it if I can.

Zach Seils · ‎02-20-2008

Peter,

WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.

Regards,

Zach

View solution in original post

Zach Seils · ‎02-20-2008

Peter,

WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.

Regards,

Zach

pthaynes · ‎02-20-2008

Zach,

Thanks for your help (and the quick response). That was the answer I was hoping for.

Regards,

Peter