I've been doing a dig on historical posts relating to WAAS deployed through firewalls.
I am working on a deployment with Juniper Netscreens & ASA5520 sitting between WAEs. IP connectivity is fine. I can ssh to remote devices etc., but users cannot log in (XP). The login scripts call upon CIFS etc. and I suspect this is being broken through the FWs.
When I disable WAAS for this flow, it all works fine, i.e. users can log in and access the full set of corporate resources. I suspect the firewalls but would appreciate any leads.
WAAS adds TCP Option 0x21 and increments the TCP packet sequence number during the TCP handshake. The FW needs to be configured to allow these changes.
On the latest PIX/ASA a new command "ip inspect waas" has been added to allow the above changes by the WAE. You might want to check the Netscreen config guide for the command to disable TCP sequence number checking.
If SSH to servers is working fine then it might not be the FW dropping packets. However, to confirm, it might be best to use tcpdump/tethereal on both WAEs to sniff the traffic and see whether it's being dropped along the path by the FW.
A few questions:
- What's the version running on the WAEs?
- Is it only CIFS traffic which is affected? Try disabling the CIFS AO if it's enabled and then test.
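
The capture comparison suggested in the replies above, as an added example that is not part of the original thread: it parses the TCP options of the same SYN as captured at each WAE and reports whether option 0x21 survived the firewalls. The sample headers, the option's length and payload, and the far-side SYN with the option overwritten by NOPs are constructed for illustration.

```python
import struct

WAAS_OPTION_KIND = 0x21  # TCP option kind named in the thread

def tcp_options(tcp_header: bytes):
    """Return [(kind, data)] parsed from a raw TCP header (no IP header)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4   # data offset, in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < header_len:
        kind = tcp_header[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length byte missing")
        length = tcp_header[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        opts.append((kind, tcp_header[i + 2:i + length]))
        i += length
    return opts

def has_waas_option(tcp_header: bytes) -> bool:
    return any(kind == WAAS_OPTION_KIND for kind, _ in tcp_options(tcp_header))

def compare_syn(near_wae_syn: bytes, far_wae_syn: bytes) -> str:
    """Verdict for one SYN captured at the sending WAE and at the far WAE."""
    if not has_waas_option(near_wae_syn):
        return "not-marked"      # this flow was never tagged by WAAS
    return "preserved" if has_waas_option(far_wae_syn) else "stripped"

def build_syn(options: bytes) -> bytes:
    # Constructed SYN to port 445 (CIFS); every field value is a sample.
    offset = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 49152, 445, 0x01020304, 0,
                       offset, 0x02, 8192, 0, 0) + options

MSS = bytes([2, 4, 0x05, 0xB4])
# Constructed: option 0x21 with an assumed length of 8 and a zeroed payload.
SYN_AT_NEAR_WAE = build_syn(MSS + bytes([WAAS_OPTION_KIND, 8]) + bytes(6))
# Constructed: same SYN with the option overwritten by NOPs (assumed middlebox behaviour).
SYN_AT_FAR_WAE = build_syn(MSS + bytes([1] * 8))

if __name__ == "__main__":
    print(compare_syn(SYN_AT_NEAR_WAE, SYN_AT_FAR_WAE))
```

Feed it the TCP header bytes of matching SYNs exported from the two captures; a "stripped" verdict points at a device in between rewriting the options.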