I have a scenario with 16 WAAS (274, 294 and 574) + 1 CM (274). All the WAAS communicate with each other through a VPN IP MPLS, except 3 of them that communicate with the VPN IP MPLS through an IPSec tunnel. All the WAAS are configured in inline interception, installed between the local LAN and the router of this LAN.
The WAAS that are in the VPN IP MPLS don't have any problem and optimize the traffic without issue. The 3 WAAS that are in sites connected with an IPSec tunnel don't optimize the traffic. The connections appear with the state of PT no peer or PT in progress.
Why are the connections not optimized in the 3 sites with the IPSec tunnel? How can I resolve this problem?
You need to "inspect WAAS" in your firewall (as I presume your IPsec terminates on a firewall?)
By default, WAAS transparently sets up new TCP connections to peer WAEs, which can cause firewall traversal issues when a WAAS device tries to optimize the traffic. If a WAE device is behind a firewall that prevents traffic optimization, you can use the directed mode of communicating to a peer WAE. In directed mode, all TCP traffic that is sent to a peer WAE is encapsulated in UDP, which allows a firewall to either bypass the traffic or inspect the traffic (by adding a UDP inspection rule).
Any firewall between two WAE peers must be configured to pass UDP traffic on port 4050, or whatever custom port is configured for directed mode if a port other than the default is used. Additionally, because the WAAS automatic discovery process uses TCP options before directed mode begins sending UDP traffic, the firewall must be configured to pass the TCP options. Cisco firewalls can be configured to allow TCP options by using the ip inspect waas command (for Cisco IOS Release 12.4(11)T2 and later releases) or the inspect waas command (for FWSM 3.2(1) and later releases and PIX 7.2(3) and later releases).
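The settings described in the reply above, gathered into one configuration sketch. This is an added example, not part of the original reply or of Cisco's documentation; the WAE addresses 192.0.2.10 and 198.51.100.10 are constructed and the ACL name WAAS-DIRECTED is hypothetical.

```ios
! --- On the WAE (WAAS CLI, global configuration) ---
! Encapsulate traffic sent to the peer WAE in UDP (default port 4050).
directed-mode enable

! --- On a Cisco IOS firewall between the peers (12.4(11)T2 or later) ---
! Let the TCP options used by WAAS automatic discovery pass inspection.
ip inspect waas enable
!
! Permit the directed-mode UDP flow between the two WAEs in both directions.
! Addresses are constructed; WAAS-DIRECTED is a hypothetical ACL name.
! Merge these entries into whichever ACL is applied on the path.
ip access-list extended WAAS-DIRECTED
 permit udp host 192.0.2.10 host 198.51.100.10 eq 4050
 permit udp host 198.51.100.10 host 192.0.2.10 eq 4050
```

If a custom directed-mode port is configured, the same port number replaces 4050 in the ACL entries.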
In one site I have a Cisco 881-k9 router with IOS Data-Universalk9-M 15.1(4)M4. The router connects to the inline interface of the WAE 294 and the WAE connects to the local LAN. I have tested with the IOS firewall of the router disabled and the connections are not optimized.
In the second site I have a Cisco 1811 router with IOS AdvIPServicesK9 12.4(15)T17 that is connected to the inline interface of the WAE 274, which connects to the local LAN. I have also disabled the IOS firewall and tested the optimization of the connections with no success.
In the 2 sites with the firewall disabled, is the ip inspect command necessary? Why don't the WAEs optimize the connections with the firewall disabled?
The third site has a DrayTek 2960 router connected to the inline interface. Is it possible on this router model to configure ip inspect waas or a similar command?