I deployed 2x6500 and 3xWAE in a branch. Problem is when I set wccp on - all traffic is cut off for the interface with service 61. I've ACL considering traffic which have to be redirected but there is no any match in this ACL.
Each WAE is connected to both 6500 (FE, full-duplex). I've also another branch in the same configuration working (but WAE is connected by GE - this is only one difference)
You need to intercept in both directions (61 and 62) for full optimization to work. You also need service 62 working for tcp-promiscuous to function with the WAE. I would recommend either moving interception further into the infrastructure (towards the local hosts), terminate the tunnel on a different box upstream towards the WAN or look at inline or other interception methods outside the tunnel. Your software based routers can do interception successfully on tunnels as you have found out, but the 6500 cannot do it on the hardware asics yet, maybe in the next generation SUP.
For best practices on egress method on the 6500, you should not use negotiated return, but Generic GRE with a GRE tunnel between the WAE and the router per the last posting. The 6500 hardware doesn't support L2 return or Negotiated return yet, so either just use the default (IP forwarding) or Generic GRE.
Hope that helps,