Cisco Support Community
Community Member

ASA inspect waas

Is the ASA inspect waas command equal to:

1) allow tcp option 33 (0x21) for auto-discovery btw waas devices;

2) disable tcp sequence number checking;

3) disable DPI (Deep Packet Inspection) for compressed waas packets.

Topology: DC (waas)-------ASA------WAN--------ASA---------Branch (waas)

Do we still need to add any extra commands on the ASA in terms of auto-discovery and optimizing traffic btw DC and Branch waas units?

I have the Branch waas configured in in-line mode but traffic is not optimized at all.  show stat conn indicates traffic is in "PT no peer".

When I look at the ASA on Branch, the show policy inspect waas command indicates that the ASA received many WAAS TCP SYN packets but there was "No" WAAS SYN ACK packet in the command output.  Does this mean auto-discovery is still not working?  Are the DC and Branch waas not seeing each other?

I reloaded the Branch waas a few times but with no luck, the situation remains the same.  Any suggestions?



Community Member

Re: ASA inspect waas


Did you get it working? I have the same issue.

WAAS-Core ----> ASA ----------------------> WAAS-Edge

# show service-policy inspect waas
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: waas, packet 995, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
        SYN with WAAS option 995
        SYN-ACK with WAAS option 0
        Confirmed WAAS connections 0
        Invalid ACKs seen on WAAS connections 0
        Data exceeding window size on WAAS connections 0

The CoreWAAS shows "PT AD Int Error"  while the EdgeWAAS shows "PT No Peer" for the connection. PBR is used on both ends to route traffic to WAAS box.

WAAS Device: WAAS Software 5.1.1 running on SRE-710 on ISE 2921

ASA FW: Running 9.1.1
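
As an added example (not written by either poster and not Cisco code), the counters in the show service-policy inspect waas output above can be read mechanically to tell which leg of the option-marked handshake this ASA has seen. The state names and dictionary keys are labels chosen for this example, and the sample input is constructed from the output quoted in the post.

```python
import re

# Constructed sample: the counters quoted in the post above.
SAMPLE = """\
Inspect: waas, packet 995, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
  SYN with WAAS option 995
  SYN-ACK with WAAS option 0
  Confirmed WAAS connections 0
  Invalid ACKs seen on WAAS connections 0
  Data exceeding window size on WAAS connections 0
"""

# Counter label -> short key (keys are names chosen for this example).
PATTERNS = {
    "syn": r"^\s*SYN with WAAS option\s+(\d+)\s*$",
    "syn_ack": r"^\s*SYN-ACK with WAAS option\s+(\d+)\s*$",
    "confirmed": r"^\s*Confirmed WAAS connections\s+(\d+)\s*$",
    "drop": r"^\s*Inspect: waas,.*?, drop\s+(\d+)",
}


def parse_counters(text):
    """Extract the WAAS inspection counters; fail loudly if one is missing."""
    counters = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m is None:
            raise ValueError(f"counter not found in output: {key}")
        counters[key] = int(m.group(1))
    return counters


def assess(c):
    """Classify the auto-discovery state as seen from this one ASA."""
    if c["syn"] == 0:
        return "no-marked-syn"         # no SYN carrying the WAAS option seen
    if c["syn_ack"] == 0:
        return "one-way"               # marked SYNs seen, no marked SYN-ACK seen
    if c["confirmed"] == 0:
        return "handshake-incomplete"  # both directions marked, none confirmed
    return "confirmed"


if __name__ == "__main__":
    counters = parse_counters(SAMPLE)
    print(counters, assess(counters))
```

Running the same check on the ASA at the other site shows whether marked SYN-ACKs are seen there, which narrows down where along the path they stop appearing.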


