WCCP test failed

Aug 6th, 2009

Dear All,

I have two different locations (Site-A and Site-B) and I am trying to implement WAAS. In my design I placed the WAE devices (CM, core, edge) on different VLANs and connected them physically to subinterfaces of the related ASA firewall on each site.

For my WAE devices the gateway is the related subinterface of the firewalls and the edge routers are the next hop. All WAE devices can communicate with each other. In the diagnostics tests all pass except the WCCP test, which fails.

For the WCCP test I am getting the following error message:

WARN BAD_WCCP_RTR WAE does not see router 10.10.10.1

Recommendation: Check if WCCP router address is correct, reachable and configured to use WCCP.

FAIL NO_WCCP_RTRS Device does not see any of WCCP routers

10.10.10.1 is the gateway for the WAE and it is the subinterface on the firewall.

I enabled WAAS inspection on the ASA firewalls. Do I need to add the routers to the WAE devices and enable WCCP on the routers which are the next hop for my WAE devices?

As I mentioned above, I placed the WAE devices on one of the subinterfaces of the related firewall and then I have the routers after the firewall as a next hop.

Is that a correct design, or do I have to place the WAE devices between the firewall and the edge routers?

Thank you for your kind advice and assistance.

Regards,

ferhat micoogullari

micoogullari Fri, 08/07/2009 - 02:39

Thanks for your kind reply.

On the ASA WCCP is enabled, but on the remote site I have the edge WAE and the clients on different subinterfaces and VLANs. In HQ I have the core WAE and the servers on different subinterfaces and VLANs.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/dhcp.html#wp1094445

In the link above it says:

"WCCP redirect is supported only on the ingress of an interface. The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance."

Does it mean that I have to put the edge WAE on the same VLAN with the clients and the core WAE with the servers VLAN?

Zach Seils Fri, 08/07/2009 - 13:40

Ferhat,

Are you trying to use WCCP on the ASA to redirect traffic to WAAS? If so, the WCCP implementation in ASA is not compatible with WCCP on WAAS.

Regards,

Zach

lampardbri Sun, 08/09/2009 - 07:59

Zach,

What exactly is/are the incompatibilities between WAAS and ASA?

thanks,

Brian

Zach Seils Mon, 08/10/2009 - 07:20

Brian,

The biggest issue is that the WCCP implementation in ASA does not support WCCP services that preserve the client IP address.

Regards,

Zach

micoogullari Sun, 08/09/2009 - 23:51

Hi Zach,

True, I am trying to use WCCP on the ASA to redirect the traffic to WAAS.

Instead of connecting the WAAS device to the edge router I connected it to the ASA and am trying to do the redirection (the router is the next hop).

If the WCCP implementation in ASA is not compatible with WCCP on WAAS then I should change my design and connect the WAAS to the router, not to the ASA.

Is that the case?

Kind Regards,

ferhat

Zach Seils Mon, 08/10/2009 - 07:21

Ferhat,

Can you please share a topology diagram of your proposed design?

Thanks,

Zach

david-lima Tue, 09/01/2009 - 10:57

Hi Zach, I'm starting with a WAAS lab. I'm using a WAE-502 module which is embedded in the 2811 router. I'm confused, especially about the concept of subinterfaces. I understand when the WAAS is an external appliance connected to the router, but what happens when the card is embedded?

What is the right way to configure the integrated-service-module with a subinterface?

Thanks a lot for your help

David

Daniel Laden Wed, 09/09/2009 - 21:59

Configuring Cisco WAAS Network Modules for Cisco Access Routers

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v403/module/configuration/guide/wsnmecfg.html

interface integrated-service-module1/0
 ip address 10.10.10.1 255.255.255.0
 service-module ip address 10.10.10.2 255.255.255.0
 service-module ip default-gateway 10.10.10.1

You will want something similar to the above. It will create a subnet inside the router for the WAE module. The interface IP is the router IP in this subnet. The service-module IP and GW are the settings on the NME.

- Dan

david-lima Fri, 09/18/2009 - 13:44

Hi Dan, thanks for your mail and help. Please be nice, I'm starting with WAAS. My network is 172.23.2.0/24. There are no VLANs yet for PC users and servers, so my WAE Central Manager has the IP 172.23.2.100 and my NM-WAE will have this configuration:

interface integrated-service-module1/0
 ip address 10.10.10.1 255.255.255.0
 service-module ip address 10.10.10.2 255.255.255.0
 service-module ip default-gateway 10.10.10.1

On the remote site:

Network address: 172.23.4.0/24

And the remote NM-WAE:

interface integrated-service-module1/0
 ip address 10.10.20.1 255.255.255.0
 service-module ip address 10.10.20.2 255.255.255.0
 service-module ip default-gateway 10.10.20.1

Please help me to validate the configuration. It doesn't matter if the NM-WAE has a different network address?

They will be able to register without any problem in the Central Manager.

Thanks again Dan for your suggestions.

All the best.

David.
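
Added example (not part of any post in this thread, and not Cisco code): a Python consistency check for the integrated-service-module stanzas quoted above, testing the relationship Dan describes, namely that the module IP sits in the router interface's subnet and that the module's default gateway is the router interface IP. The helper names parse_stanza, check_stanza and sites_overlap are hypothetical; the sample input is the two stanzas from the thread.

```python
import ipaddress
import re

# Sample input: the HQ and remote-site stanzas as quoted in the thread.
HQ = """interface integrated-service-module1/0
 ip address 10.10.10.1 255.255.255.0
 service-module ip address 10.10.10.2 255.255.255.0
 service-module ip default-gateway 10.10.10.1
"""
REMOTE = HQ.replace("10.10.10.", "10.10.20.")

def parse_stanza(text):
    """Extract the router-side interface, module interface and module gateway."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(service-module )?ip address (\S+) (\S+)", line)
        if m:
            key = "module" if m.group(1) else "router"
            out[key] = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}")
            continue
        m = re.fullmatch(r"service-module ip default-gateway (\S+)", line)
        if m:
            out["gateway"] = ipaddress.ip_address(m.group(1))
    return out

def check_stanza(text):
    """Return a list of problems; an empty list means the stanza is consistent."""
    cfg = parse_stanza(text)
    missing = [k for k in ("router", "module", "gateway") if k not in cfg]
    if missing:
        return [f"missing: {', '.join(missing)}"]
    problems = []
    if cfg["module"].network != cfg["router"].network:
        problems.append("module IP is not in the router interface subnet")
    if cfg["module"].ip == cfg["router"].ip:
        problems.append("module IP duplicates the router interface IP")
    if cfg["gateway"] != cfg["router"].ip:
        problems.append("module default gateway is not the router interface IP")
    return problems

def sites_overlap(a, b):
    """True if the two sites' module subnets overlap (ambiguous inter-site routing)."""
    return parse_stanza(a)["router"].network.overlaps(parse_stanza(b)["router"].network)
```

This only checks addressing consistency within and between the stanzas; it says nothing about whether routes exist between the module subnets and the Central Manager network.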
