02-20-2008 06:12 PM
I have a WAAS deployment where there is a reasonable amount of traffic that goes through a firewall. Logically speaking the traffic goes from client to waas to remote waas then through a firewall to the server. I believe that the WAAS devices use IP options to communicate between each other.
My question is if the firewall (a Cisco ASA) blocks IP options will this prevent WAAS from working in my topology? I know there is an inspect command to allow WAAS to work through a firewall, but there is a memory leak in that command under 7.2(3) so I would like to avoid using it if I can.
Solved! Go to Solution.
02-20-2008 06:18 PM
Peter,
WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.
Regards,
Zach
02-20-2008 06:18 PM
Peter,
WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.
Regards,
Zach
02-20-2008 06:28 PM
Zach,
Thanks for your help (and the quick response). That was the answer I was hoping for.
Regards,
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide