Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
575
Views
0
Helpful
4
Replies

How do you restrict src/dst IP addresses using inline mode

Michael Anderson
Level 1
Level 1

‎11-14-2008 07:50 AM

I have an environment where I will be using inline on the remote side and WCCP in the hub. We have a known issue for a set of servers when they are redirected via WCCP. We're using ACL's on the routers to deny WCCP redirection for these servers. Now I have to briing up a WAE using inline mode. How do I accomplish denying these server IP addresses from getting WAAS'd on the inline device? Or do I need to since I have it configured via ACL's at the hub site. TIA

Labels:
0 Helpful
4 Replies 4

dstolt
Cisco Employee
Cisco Employee

‎11-14-2008 11:57 AM

If you have it bypassed on the core with ACLs, then it will be in PT no peer on the edge, but it may still go through autodiscovery (adding tcp options to the syn). Do you know what causes the problems with the servers, WCCP or the optimization?

I would add an application policy at the edges with the IP addresses in your ACL and set it to Passthrough. Unfortunitely there is not a way to use an ACL on a inline card, but that is the next best thing.

Let me know if that works,

Dan

0 Helpful

Michael Anderson
Level 1
Level 1
In response to dstolt

‎11-14-2008 12:25 PM

I'm not sure what causes the problem. It's a TN5250 application using ports 23 and 80. It's on my list to figure it out, but for now we have ACL'd the servers from getting wccp redirected. Like you said, he end goal would be to create an application policy. But I'm a little confused by your response. Are you saying you can create a App Policy using IP addresses with an inline card?

0 Helpful

dstolt
Cisco Employee
Cisco Employee
In response to Michael Anderson

‎11-14-2008 12:36 PM

Yes,

For the application policy, go into your all devices group (or where ever you are assigning the policies), Acceleration, Policy Definitions, and create a new Basic Application Policy. Then edit the Classifier, create new match conditions with the destination IP addresses of your server. Submit, change the Action to Passthrough and submit again. Make sure your edges pick up and policy and test it again. You should see those connections in PT from the CLI.

Hope that helps,

Dan

0 Helpful

Michael Anderson
Level 1
Level 1
In response to dstolt

‎11-14-2008 01:46 PM

Thank you sir. I will give it a shot and report back.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents