Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN tunnel with WAAS card NME-WAE-502

We have installed a NME-WAE-502 card in a remote Cisco 2811 router. The router is configured with a VPN-tunnel to the main site where the central inline wae resides.

From the remote site you can ping the central wae and vice versa. We can telnet back and forth as well.

The problem is that we cannot register the remote wae via the VPN tunnel...

The VPN tunnel works fine for other traffic, both tcp and udp.

5 REPLIES
Cisco Employee

Re: VPN tunnel with WAAS card NME-WAE-502

Mathias,

What version of WAAS are you running? You may need to lower the optimized MSS to accommodate the tunnel/IPSec overhead? The CLI command is:

tfo tcp optimized-mss

This needs to be executed on the WAE's on both sides.

Zach

Community Member

Re: VPN tunnel with WAAS card NME-WAE-502

I have entered (on both wae's)

tfo tcp optimized-mss 1250

tfo tcp original-mss 1250

The message I get when I try to register:

Registering WAAS Application Engine...

Sending device registration request to Central Manager with address 172.a.b.c

Failed to contact CDM 172.a.b.c(Unmarshaled: 9001). Please check connectivity with CDM device and

status of management service on CDM.

register: Registration failed.

cms: unable to register node

FAILED to enable management services

/Mathias

Cisco Employee

Re: VPN tunnel with WAAS card NME-WAE-502

I can also suggest the following troubleshooting steps:

1. Verify you can telnet from the NME-WAE to the CM on port 443. This is the port used for communication between the NME-WAE and CM.

2. Verify the CMS service is running on the CM using the CLI command 'sh cms info' on the CM.

3. Ensure that no existing CMS tables exist on the NME-WAE with the config mode command 'cms der for' on the NME-WAE.

Zach

Community Member

Re: VPN tunnel with WAAS card NME-WAE-502

1. sewae#telnet 172.a.b.c 443

Trying 172.a.b.c...

Connected to 172.a.b.c.

Escape character is '^]'.

kjhkjh^]

Connection closed by foreign host.

2. Since I cannot register the CMS is not working.

3. Tried that as well. I have also restored factory defaults.

Cisco Employee

Re: VPN tunnel with WAAS card NME-WAE-502

Have you tried restarting the CMS service on the CM? You should also check the CMS logs on both devices:

/local1/errorlog/cms_log.0

Finally I would suggest a packet capture on the CM to verify that the connection is established and packets are being exchanged during the registration process.

Zach

392
Views
0
Helpful
5
Replies
CreatePlease to create content