Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WAAS and firewalls

I have a WAAS deployment where there is a reasonable amount of traffic that goes through a firewall. Logically speaking the traffic goes from client to waas to remote waas then through a firewall to the server. I believe that the WAAS devices use IP options to communicate between each other.

My question is if the firewall (a Cisco ASA) blocks IP options will this prevent WAAS from working in my topology? I know there is an inspect command to allow WAAS to work through a firewall, but there is a memory leak in that command under 7.2(3) so I would like to avoid using it if I can.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: WAAS and firewalls

Peter,

WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.

Regards,

Zach

2 REPLIES
Cisco Employee

Re: WAAS and firewalls

Peter,

WAAS uses TCP option 33, not IP options. By default, ASA will remove unknown options from TCP packets. If the firewall is not sitting in between the WAEs (i.e. in the optimized path), then there shouldn't be any problem with the firewall scrubbing the options.

Regards,

Zach

New Member

Re: WAAS and firewalls

Zach,

Thanks for your help (and the quick response). That was the answer I was hoping for.

Regards,

Peter

842
Views
5
Helpful
2
Replies
CreatePlease login to create content