I've got the WAAS set up and I'm seeing OK acceleration between sites, but I have a complete failure of remote desktop. I've had to place a deny statement in my access list on the remote site's router for port 3389 to exclude traffic from the WAAS to even be able to get an RDP connection to work. I've tried to tell the WAAS to just set Remote-Desktop traffic to pass through but still no luck. Any help would be appreciated.
If traffic on port 3389 (RDP) is being seen by the WAAS and I initiate a Remote Desktop session to a PC on the other end of the WAAS, the connection will time out. If RDP is being blocked from WAAS, the connection will take a little bit to establish but will work fine.
Can you add RDP (even if just from a test client) back to the redirect list and take simultaneous packet captures on both WAAS devices?
The syntax on the WAAS device is:
tethereal -f "port 3389" -w
I was able to do the capture, thanks for the instructions!
I've attached two capture files from the WAE at my location. The first file 'noredirect_wi' is with port 3389 traffic going through the WAAS; it looks to me like traffic is reaching the destination but can't get back. The second file 'redirect_wi' is with traffic for port 3389 bypassing the WAAS and the RDP session working.
*I didn't include the destination side captures because they had no data on port 3389. Let me know if you would like me to do a capture on everything for that side.
Because Internet access is allowed directly from the remote sites, the ACL below will only redirect traffic destined for private addresses to the 474 located at the remote site.
ip access-list extended WCCP-REDIRECT
permit tcp 10.0.0.0 0.255.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
permit tcp 172.16.0.0 0.15.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 22.214.171.124 0.15.255.255
permit tcp 192.168.0.0 0.0.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 192.168.0.0 0.0.255.255
By adding this I can force RDP to sort of work:
deny tcp any any eq 3389
deny tcp any eq 3389
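An added example, not part of the thread and not any poster's configuration: a small Python model of how a WCCP redirect list like the one above is evaluated (first match wins, implicit deny at the end), showing that the port 3389 deny entries only keep RDP away from the WAE when they sit ahead of the permit entries. The ACL lines, addresses and function names in it are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(line):
    """Parse 'permit|deny tcp <src> [eq p] <dst> [eq p]'; <src>/<dst> is 'any' or 'addr wildcard'."""
    t = line.split()
    pos = 2  # skip action and protocol

    def endpoint():
        nonlocal pos
        if t[pos] == "any":
            base, wild, pos = 0, 0xFFFFFFFF, pos + 1
        else:
            base, wild, pos = ip(t[pos]), ip(t[pos + 1]), pos + 2
        port = None
        if pos < len(t) and t[pos] == "eq":
            port, pos = int(t[pos + 1]), pos + 2
        return base, wild, port

    return t[0], endpoint(), endpoint()

def hit(endpoint, addr, port):
    base, wild, want = endpoint
    # Wildcard mask: bits set to 1 are "don't care", bits set to 0 must match.
    return ((ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0 and want in (None, port)

def redirected(acl, src, sport, dst, dport):
    """True if the flow is handed to the WAE: first matching entry wins, implicit deny last."""
    for line in acl:
        action, s, d = parse(line)
        if hit(s, src, sport) and hit(d, dst, dport):
            return action == "permit"
    return False

# Constructed entries modelled on the thread's ACL (not copied from any device).
PERMITS = [
    "permit tcp 10.0.0.0 0.255.255.255 172.17.0.0 0.0.255.255",
    "permit tcp 172.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255",
]
RDP_DENIES = ["deny tcp any any eq 3389", "deny tcp any eq 3389 any"]

if __name__ == "__main__":
    rdp = ("10.1.2.3", 50000, "172.17.5.9", 3389)    # constructed flow: client -> RDP host
    reply = ("172.17.5.9", 3389, "10.1.2.3", 50000)  # constructed flow: RDP host -> client
    for name, acl in (("denies first", RDP_DENIES + PERMITS), ("denies last", PERMITS + RDP_DENIES)):
        print(name, "| rdp:", redirected(acl, *rdp), "| reply:", redirected(acl, *reply))
```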
The reason I ask is that I don't see any TCP auto-discovery options in the noredirect capture. Do you have the policy for RDP traffic set to pass-through?
Can you provide additional detail on your deployment? Are you tunneling traffic or performing any type of encryption?
All devices running 4.1.5f
Wave 574 at main site with a 274 CM, remote sites all have 474's. All remote sites connect back to main site via VPN tunnels.