09-03-2008 08:54 AM
Hello,
I have two waas boxe, one in the data centre as teh core and the other as the edge. They both register with the central manager and they both see traffic but everything is passthrough as no policies are applied. They are in the same device group so that is not the problem. The issue is the two devices dont peer with each other. What could be the problem as the configs on the waes are standard and have been used successfully before in pervious deployments. Could it be one of the boxes have a problem and how can i check?
09-03-2008 10:13 AM
Have you verified that both WAEs are seeing traffic? Do you see all the connections in both under "sh tfo con sum"? If so, what are the PT reasons they list?
Thanks,
Dan
09-04-2008 12:15 AM
Hi Dan,
Yes.Both WAEs see traffic. The reasons listed are PT in progress and PT no peer. As a result there are not blue boxes on the topology page.
09-04-2008 04:07 AM
Do both WAEs see the same traffic in the connection lists?
How are you intercepting? Can you share your topology?
09-04-2008 06:42 AM
I am having the same issue after upgrading to 4.1.1. I opened a TAC case over an hour ago but have not received a return call.
Can you detail what commands in CLI to use to provide the information you are requesting?
UPDATE: sh auto-discovery list
E: Established, S: Syn, A: Ack, F: Fin, R: Reset
s: sent, r: received, O: Options, P: Passthrough
Src-IP:Port Dst-IP:Port Orig-St Term-St
Edge WAE is not performing auto-discovery? Core WAE is performing auto-discovery.
09-05-2008 10:23 AM
The commands in 4.1 have changed to more reflect parity across the show commands and other new feature commands.
Have you got what you needed from the TAC?
Dan
09-05-2008 10:38 AM
TAC was able to point me in the right direction.
09-05-2008 11:18 AM
Great. Good luck with your deployment.
Dan
09-15-2008 01:33 PM
What did TAC have you do? I'm having the same problem.
09-16-2008 05:04 AM
For me, changes were made to routing. Multiple routes existed for the redirected traffic, it was not being intercepted properly and peer discovery was not occuring properly.
09-17-2008 04:04 PM
I am having the same issue. How did you find the multiple routes and what were they to? Where there multiple routes from the edge to the core or core to edge? I am going to the client tommorow hopefully thats it.
09-18-2008 03:54 AM
I was able to resolve my issue by changing the access list for the WCCP. I guess this is something to do with the changes when going to transperent mode. Previously I had an access list with a permit on the core to the edge networks, and at the edge I had an access list with a permit from the edge to the core networks. After the change to the transparent I had to put a permit on both sides.
So before I had an access list similar to this:
access-list 120 permit ip 192.168.1.0 0.0.255.255 192.168.2.0 0.0.255.255
access-list 120 deny ip any any
Now I have something like:
access-list 120 permit ip 192.168.1.0 0.0.255.255 192.168.2.0 0.0.255.255
access-list 120 permit ip 192.168.2.0 0.0.255.255 192.168.1.0 0.0.255.255
access-list 120 deny ip any any
A quick way to test this is just to change the WCCP to not use an access list by using the commands:
ip wccp 61
ip wccp 62
Obviously this doesn't apply if you are using WAAS inline.
09-18-2008 05:13 AM
we have this on the edge, where 10.32.1.0/25 is the lan side of the remote
access-list 100 permit ip 10.32.1.0 0.0.0.127 any
access-list 100 permit ip any 10.32.1.0 0.0.0.127
and this on the core so it should be good.
access-list 100 permit ip 10.32.1.0 0.0.0.127 any
access-list 100 permit ip any 10.32.1.0 0.0.0.127
However i do agree on taking the acl off to see if that it.
09-22-2008 04:34 AM
Just a FYI that we had rebooted both the cores one at a time and that seems to have fixed it. Weird.
09-04-2008 10:00 AM
yes they see the same traffic in the connection lists. Please see
below
CORE
10.12.14.7:445 10.12.20.14:4955 PT No Peer
10.12.20.69:3049 10.2.50.103:80 PT No Peer
10.12.29.158:4427 10.12.14.73:1144 PT In Progress
10.12.14.11:8080 10.12.20.62:1855 PT Server Blackli
10.12.14.14:1199 10.12.20.89:3620 PT No Peer
10.12.20.62:1785 10.12.14.7:445 PT In Progress
10.12.29.21:1256 10.2.50.97:80 PT In Progress
10.12.29.33:2248 10.12.14.6:135 PT App Cfg
10.12.29.83:4882 10.2.50.97:80 PT No Peer
10.12.14.9:1142 10.12.29.33:2241 PT In Progress
10.12.14.4:1025 10.12.20.62:1758 PT In Progress
10.12.14.14:1199 10.12.29.28:2361 PT No Peer
10.12.20.33:3448 10.12.14.3:1202 PT In Progress
10.12.20.66:4486 10.12.14.6:135 PT In Progress
10.2.50.97:80 10.12.29.83:4882 PT No Peer
10.12.14.7:445 10.12.20.90:3666 PT In Progress
10.12.29.220:2749 10.12.1.179:1433 PT In Progress
10.12.20.78:3915 10.12.14.14:80 PT No Peer
10.12.20.14:4891 10.12.14.9:1142 PT In Progress
10.12.29.25:4487 10.12.14.14:80 PT No Peer
10.2.50.97:80 10.12.29.85:4612 PT In Progress
10.12.29.56:4305 10.12.14.6:1025 PT In Progress
EDGE
10.12.20.113:3178 10.2.50.103:80 PT No Peer
10.12.14.14:1199 10.12.20.89:3620 PT No Peer
10.12.14.14:1199 10.12.20.32:1489 PT In Progress
10.12.20.62:1887 10.12.14.11:8080 PT In Progress
10.12.14.11:8080 10.12.20.62:1887 PT In Progress
10.12.20.54:1849 10.12.14.3:1202 PT In Progress
10.12.14.14:1199 10.12.20.188:3845 PT In Progress
10.12.14.236:80 10.12.20.78:3918 PT No Peer
10.12.14.4:1025 10.12.20.69:3025 PT In Progress
10.15.1.3:1154 10.12.20.35:50478 PT No Peer
10.12.14.9:1142 10.12.20.75:2770 PT In Progress
10.12.20.75:2773 10.12.14.9:1035 PT No Peer
10.12.14.7:445 10.12.20.63:1492 PT No Peer
10.12.20.75:2767 10.12.14.9:1142 PT No Peer
10.9.1.13:1390 10.12.20.13:2597 PT In Progress
10.12.14.14:1199 10.12.20.69:3055 PT In Progress
10.12.20.78:3915 10.12.14.14:80 PT No Peer
10.2.50.119:8085 10.12.20.62:1903 PT No Peer
10.12.14.9:1142 10.12.20.75:2771 PT In Progress
10.12.20.75:2680 10.9.1.13:1390 PT In Progress
10.12.20.14:4891 10.12.14.9:1142 PT No Peer
10.9.1.13:1390 10.12.20.75:2680 PT In Progress
10.12.14.11:8080 10.12.20.62:1904 PT Server Blacklist
10.12.20.78:3918 10.12.14.236:80 PT No Peer
The core wae is in a separate subnet hanging off the WAN aggregation
router and intercepting traffic using wccp
The edge wae is using wccp egress method to intercept traffic at the remote site
i am running version 4.0.17 and i dont have the command sh auto-discovery list
is there a way out here?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide