Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Do I need "ip inspect WAAS enable" when WAE directly connected to ISR?

I have a 3800 ISR with Gig0/0 connected to LAN, Serial0/0 connected to WAN, and Gig1/0 connected directly to a WAE-674. I'm using WCCP between the ISR and WAE. The ISR also does IP inspection and call manager express functions.

The "ip inspect in" is configured on the router LAN interface Gi0/0. There is no ip inspect configured for the port connected to WAE or the WAN interface. In this case, do I still need to configure "ip inspect WAAS enable" globally?

One other question: should I also configure "ip inspect" for the router port connected to WAE, as a good practice?

Thanks

Gary

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Do I need "ip inspect WAAS enable" when WAE directly connect

Hi Gary,

The purpose of adding ip inspect command to interface is to allow the auto-discovery option that goes with initial SYN packet to carry all the way to other side WAE unit during initial 3-way TCP handshake. This command tells the IOS not to strip-off Auto-discovery option.

Hence you really do not need that on LAN side / interface connected to WAE. Once WAE receives the packet with this option, it identifies the peer and start optimizing from that point onwards.

On the other side, having this command on those interfaces will not hurt, too.

But, you need ip inspect waas command only if the WAEs across the WAN are not recognizing each other due to zone based firewall policy or any other security appliances. Otherwise you are good without this command.

More details can be found here: Configuring Directed Mode

Hope this helps.

Regards.

PS: Please mark this as Answered, if this answers your question.

1 REPLY
Cisco Employee

Re: Do I need "ip inspect WAAS enable" when WAE directly connect

Hi Gary,

The purpose of adding ip inspect command to interface is to allow the auto-discovery option that goes with initial SYN packet to carry all the way to other side WAE unit during initial 3-way TCP handshake. This command tells the IOS not to strip-off Auto-discovery option.

Hence you really do not need that on LAN side / interface connected to WAE. Once WAE receives the packet with this option, it identifies the peer and start optimizing from that point onwards.

On the other side, having this command on those interfaces will not hurt, too.

But, you need ip inspect waas command only if the WAEs across the WAN are not recognizing each other due to zone based firewall policy or any other security appliances. Otherwise you are good without this command.

More details can be found here: Configuring Directed Mode

Hope this helps.

Regards.

PS: Please mark this as Answered, if this answers your question.

1726
Views
0
Helpful
1
Replies
CreatePlease login to create content