07-24-2008 01:16 AM
Hello! I have this network topology:
Router A:
WAN - *.*.*.188
LAN1 - 172.16.99.1
LAN2 - 172.16.98.1
Test Computer A - 172.16.99.99
Central Manager - 172.16.99.3
Core-WAE - 172.16.98.2 (PBR Interception)
Router B:
WAN - *.*.*.45
LAN - 192.168.3.252
Edge-WAE - 192.168.3.254 (Inline interception)
Test Computer B - 192.168.3.9
I have a GRE tunnel between Router A and Router B. I have configured traffic interception and it seems to be working fine, because in the Connections tab (on both Core-WAE and Edge-WAE) I can see all activity between CompA and CompB (such as RDP, file transfer via HTTP and so on), but in the applied-policies column I always see "NONE", so there is no optimization. What could be the problem?
Thank you in advance!
07-24-2008 07:24 AM
Dmitri,
It sounds like your WAEs are not using the same policy or not seeing all the traffic. If you use from the CLI "Show tfo connect summ" you can see why the connections are in Passthrough. You can also see historically why connections are in passthrough via the following command "sh stat tfo pass-through". That should give you a place to start with why things are not being optimized.
I would validate 2 things:
1. Ensure you have pushed the same application policies to both WAEs via the "all device group" by restoring the defaults and then forcing the device group if needed.
2. Double check your PBR interception at the core and make sure you are intercepting in both directions (LAN and WAN based traffic).
See what you get and then we can dig further.
Hope that helps,
Dan
07-24-2008 11:05 PM
Hello, Dan!
Thank you for your answer! I have applied the default policies to the All Devices Group again and it is still not working.
Here is the "sh tfo connection sum" output (when I'm using remote desktop):
Core-WAE:
172.16.99.99:3912 192.168.3.9:3389 PT Asym Client
Edge-WAE:
192.168.3.9:3389 172.16.99.99:3912 PT In Progress
07-24-2008 11:46 PM
Here is the HTTP file transfer:
Core-WAE:
Core-WAE#sh tfo connection summary
Pass-Through Connections
Local-IP:Port Remote-IP:Port Conn Type
172.16.99.99:4370 194.186.55.27:2041 PT In Progress
192.168.3.9:1757 172.16.99.99:80 PT In Progress
64.12.25.145:443 172.16.99.99:4371 PT In Progress
194.186.55.27:2041 172.16.99.99:4370 PT In Progress
172.16.99.99:80 192.168.3.9:1757 PT In Progress
172.16.99.99:4371 64.12.25.145:443 PT In Progress
Edge-WAE#sh tfo connection summary
Pass-Through Connections
Local-IP:Port Remote-IP:Port Conn Type
172.16.99.99:80 192.168.3.9:1757 PT No Peer
192.168.3.9:1757 172.16.99.99:80 PT No Peer
07-25-2008 03:32 AM
Dimitri,
You are missing interception somewhere, most likely at the core if you are using inline at the edge.
PT No Peer means he doesn't see a WAE at the other end of the autodiscovery session. PT Asym Client means he only sees one side of the connection (only SYN or ACK).
I would double check at the edge that there isn't another link not going through the inline card. At the core, make sure your PBR statements are on both the WAN and LAN links.
Can you share your network diagram and core router(s)/WAE configs?
Dan
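A way to line up the two WAEs' pass-through tables flow by flow, as an added example that is not part of any post in this thread: it parses the `sh tfo connection summary` rows, pairs both directions of each connection, and attaches the meanings given in the reply above. The function names and the `SAMPLE` layout are assumptions of this example; the sample rows are the HTTP-transfer output posted earlier in the thread.

```python
import re
from collections import defaultdict

# Meanings exactly as given in the reply above; other states are left unexplained.
REASONS = {
    "PT No Peer": "no WAE seen at the other end of the auto-discovery session",
    "PT Asym Client": "only one side of the connection seen (only SYN or ACK)",
}
ROW = re.compile(r"^(\d+(?:\.\d+){3}:\d+)\s+(\d+(?:\.\d+){3}:\d+)\s+(PT\s.+?)\s*$")

def parse(text):
    """Yield (flow, state) per pass-through row; flow ignores direction."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield tuple(sorted(m.group(1, 2))), " ".join(m.group(3).split())

def correlate(outputs):
    """Return {flow: {device: set(states)}} for several WAEs' outputs."""
    flows = defaultdict(dict)
    for device, text in outputs.items():
        for flow, state in parse(text):
            flows[flow].setdefault(device, set()).add(state)
    return dict(flows)

def triage(outputs):
    """List (flow, device, state, reason, devices_without_this_flow)."""
    rows = []
    for flow, seen in sorted(correlate(outputs).items()):
        absent = sorted(set(outputs) - set(seen))
        for device in sorted(seen):
            for state in sorted(seen[device]):
                rows.append((flow, device, state, REASONS.get(state), absent))
    return rows

# Sample input: the HTTP-transfer output posted in this thread.
SAMPLE = {
    "Core-WAE": """Pass-Through Connections
Local-IP:Port Remote-IP:Port Conn Type
172.16.99.99:4370 194.186.55.27:2041 PT In Progress
192.168.3.9:1757 172.16.99.99:80 PT In Progress
64.12.25.145:443 172.16.99.99:4371 PT In Progress
194.186.55.27:2041 172.16.99.99:4370 PT In Progress
172.16.99.99:80 192.168.3.9:1757 PT In Progress
172.16.99.99:4371 64.12.25.145:443 PT In Progress""",
    "Edge-WAE": """Pass-Through Connections
Local-IP:Port Remote-IP:Port Conn Type
172.16.99.99:80 192.168.3.9:1757 PT No Peer
192.168.3.9:1757 172.16.99.99:80 PT No Peer""",
}
```

Calling `triage(SAMPLE)` returns one row per flow, device and state, so a flow that is in one state on the core and another on the edge shows up as adjacent rows.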