WAAS not working properly

Unanswered Question
Jul 24th, 2008
User Badges:

Hallo! I have this network topology:


Router A:

WAN - *.*.*.188

LAN1 - 172.16.99.1

LAN2 - 172.16.98.1

Test Computer A - 172.16.99.99

Central Manager - 172.16.99.3

Core-WAE - 172.16.98.2 (PBR Interception)


Router B:

WAN - *.*.*.45

LAN - 192.168.3.252

Edge-WAE - 192.168.3.254 (Inline interception)

Test Computer B - 192.168.3.9


I have GRE tunnel between Router A and Router B. I have configured traffic interception and it seems working fine, because in Connections tab (on Core-WAE and Edge-WAE both) i can see all activity between CompA and CompB (such as RDP, file transfer via HTTP and so on) but in applied-policies column i always see "NONE" , so there is no optimization. What could be the problem?

Thank you in advance!





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dstolt Thu, 07/24/2008 - 07:24
User Badges:
  • Cisco Employee,

Dmitri,


It sounds like your WAEs are not using the same policy or not seeing all the traffic. If you use from the CLI "Show tfo connect summ" you can see why the connections are in Passthrough. You can also see historically why connections are in passthrough via the following command "sh stat tfo pass-through". That should give you a place to start with why things are not being optimized.


I would validate 2 things:

1. Ensure you have pushed the same application policies to both WAEs via the "all device group" by restoring the defaults and then forcing the device group if needed.


2. Double check your pbr interception at the core and make sure you are intercepting in both directions (LAN and WAN based traffic).


See what you get and then we can dig further.


Hope that helps,

Dan

dmitri_vilesov Thu, 07/24/2008 - 23:05
User Badges:

Hello, Dan!


Thank you for your answer! I have applied default policies to All Devices Group again and it still not working.

Here is "sh tfo connesction sum output" (when i'm using remote-desktop:


Core-WAE:

172.16.99.99:3912 192.168.3.9:3389 PT Asym Client


Edge-WAE:

192.168.3.9:3389 172.16.99.99:3912 PT In Progress



dmitri_vilesov Thu, 07/24/2008 - 23:46
User Badges:

here is HTTP file transfer:


Core-WAE:

Core-WAE#sh tfo connection summary



Pass-Through Connections

Local-IP:Port Remote-IP:Port Conn Type

172.16.99.99:4370 194.186.55.27:2041 PT In Progress

192.168.3.9:1757 172.16.99.99:80 PT In Progress

64.12.25.145:443 172.16.99.99:4371 PT In Progress

194.186.55.27:2041 172.16.99.99:4370 PT In Progress

172.16.99.99:80 192.168.3.9:1757 PT In Progress

172.16.99.99:4371 64.12.25.145:443 PT In Progress


Edge-WAE#sh tfo connection summary



Pass-Through Connections

Local-IP:Port Remote-IP:Port Conn Type

172.16.99.99:80 192.168.3.9:1757 PT No Peer

192.168.3.9:1757 172.16.99.99:80 PT No Peer

dstolt Fri, 07/25/2008 - 03:32
User Badges:
  • Cisco Employee,

Dimitri,


You are missing interception somewhere, most likely at the core if you are using inline at the edge.


PT No Peer means he doesn't see a WAE at the other end of the autodiscovery session. PT Asynch Client means he only sees one side of the connection (only syn or ack).


I would double check at the edge that there isn't another link not going through the inline card. At the core, make sure you pbr statements are on both the WAN and LAN links.


Can you share your network diagram and core router(s)/WAE configs?


Dan

Actions

This Discussion