I have a very strange problem on the network since I put WAAS.
The architecture is as following :
Central site with access to remote sites else via MPLS operator network (provinding its routers) else via IPSec VPN with firewall.
Recently it was decided to try the WAAS solution to enhance performance on a particular remote site.
So I have one WAVE274 as manager on the central site, one WAVE474 (inline) between the network and the operator router leading to approximatively 100 remote sites, a WAVE474 on one remote site only (inline too).
All was properly functionning : Optimization and so on between the 2 WAVE474, no action for other remote sites (of course).
My problem is that access to one particular URL (really needed) from all the remote sites passing through the central WAAS box is not available anymore !!! Access to that URL is OK from all remote VPN sites and from the central site.
When putting off the WAVE474 of the central site, the URL access is regained.
I can't understand. I thought that only the traffic between 2 WAAS peers was optimized (modified) and that trafic passing through only one WAAS box was not modified (the central WAVE acting in that case as a wire).
Correct, non- waas installed sites will not try and get optimized. This is because WAAS uses auto-discovery inserting an option in the TCP options field. If waas is not installed on the remote sites there should be no tcp options.
I would check to make sure you have no access-lists configured on the WAVE.
Post you configuration for others to take a look at.
Also what version are you running? Do you have VBs enabled?
Sorry for the delay, I was not available till now.
The version used is 4.1.1.d and the configuration is the default one for inline use. I have just IP parameters for the management and I plugged the 2 inline ports without any additional config, just to see the improvement between the central site and one particular remote site.
Unfortunalely, it seems affecting all the remote sites, even those without WAAS box ...
WAAS uses a custom TCP option to automatically discovery peer WAAS devices to optimize the connection with. When a policy specifies that a certain type of traffic should be handled as pass-through, we don't insert the auto-discovery option.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...