Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3787
Views
0
Helpful
1
Replies

Do I need "ip inspect WAAS enable" when WAE directly connected to ISR?

Go to solution
gwhuang5398
Level 2
Level 2

‎09-17-2010 10:51 AM

I have a 3800 ISR with Gig0/0 connected to LAN, Serial0/0 connected to WAN, and Gig1/0 connected directly to a WAE-674. I'm using WCCP between the ISR and WAE. The ISR also does IP inspection and call manager express functions.

The "ip inspect in" is configured on the router LAN interface Gi0/0. There is no ip inspect configured for the port connected to WAE or the WAN interface. In this case, do I still need to configure "ip inspect WAAS enable" globally?

One other question: should I also configure "ip inspect" for the router port connected to WAE, as a good practice?

Thanks

Gary

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Bhavin Yadav
Cisco Employee
Cisco Employee

‎09-17-2010 03:56 PM

Hi Gary,

The purpose of adding ip inspect command to interface is to allow the auto-discovery option that goes with initial SYN packet to carry all the way to other side WAE unit during initial 3-way TCP handshake. This command tells the IOS not to strip-off Auto-discovery option.

Hence you really do not need that on LAN side / interface connected to WAE. Once WAE receives the packet with this option, it identifies the peer and start optimizing from that point onwards.

On the other side, having this command on those interfaces will not hurt, too.

But, you need ip inspect waas command only if the WAEs across the WAN are not recognizing each other due to zone based firewall policy or any other security appliances. Otherwise you are good without this command.

More details can be found here: Configuring Directed Mode

Hope this helps.

Regards.

PS: Please mark this as Answered, if this answers your question.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Bhavin Yadav
Cisco Employee
Cisco Employee

‎09-17-2010 03:56 PM

Hi Gary,

The purpose of adding ip inspect command to interface is to allow the auto-discovery option that goes with initial SYN packet to carry all the way to other side WAE unit during initial 3-way TCP handshake. This command tells the IOS not to strip-off Auto-discovery option.

Hence you really do not need that on LAN side / interface connected to WAE. Once WAE receives the packet with this option, it identifies the peer and start optimizing from that point onwards.

On the other side, having this command on those interfaces will not hurt, too.

But, you need ip inspect waas command only if the WAEs across the WAN are not recognizing each other due to zone based firewall policy or any other security appliances. Otherwise you are good without this command.

More details can be found here: Configuring Directed Mode

Hope this helps.

Regards.

PS: Please mark this as Answered, if this answers your question.

0 Helpful
Customers Also Viewed These Support Documents