I've started configuring WAAS devices for my network and have run into a few questions. I'm using WCCP redirection, not inline mode and the topology looks like:
I currently cannot get my WAE from directly outside our firewall to register w/ the Central Management server. I've got the control ports opened in my firewall, which I've researched as being UDP / 2048. I'm trying to figure out why it's not connecting, if it's my firewall blocking the traffic, or if I misconfigured something on the WAEs / routers.
From all the documentation that I've read, it's as simple as running the setup on your WAEs & pointing them back to your central manager, but I'm not so naive as to think that it's going to be that easy :). I did this & configured WCCP on my HQ router, and I don't see the WAEs showing up in my CM.
Also, the WAE674s are on separate subnets, off the router, not on my internal LAN or on my network segment between the firewall & my router. I created a new network segment off of the router, because this is the way I interpreted the documentation. Is that correct?
I shouldn't be running into issues with the firewall, correct? All acceleration is being done outside, and the central management device is just for policy updates, etc.? Any thoughts as to why this isn't working would be very helpful.
Yes, that's a very neat design, and it gives you the flexibility to choose which protocols you want to accelerate, also at the router level.
Typically you can remove management (ssh, https, 8443) protocols on this level.
Plus, with WCCP it's more scalable if you want to add more routers or WAEs in the future.
As per Marcin's comments, UDP port 2048 is used by WCCP for WCCP HIA/ISU packet exchange.
You will need port 22 / SSH open between WAE and CM to register and talk to each other.
PS: Please mark this as Answered if this resolves your issue.
UDP 2048 is WCCP
WAE will open to CM: tcp/443 and maybe tcp/22-23 if you manage from there.
Check "show cms info" on the accelerators to see if they are properly registered.
TCP/443 is what you need to allow, 8443 of course for management ;-)