10-28-2010 12:51 PM
I have a new 3945 router with a SM-SRE-900 module for WAAS. The 3945 also has IP inspection configured. When IP inspection and WCCP redirection running at the same time, user connections to data center were all lost. If just IP inspection or WCC Rredirection but not both, user connections were good.
I'm feeling the problem is IP inspection not WAAS aware. I tried "ip inpsect waas enable", but the command was not available. The 3945 router, SM-SRE module, and the IOS code, are all newest versions. So I was wondering if anyone has seen the similar issues and had experience of enabling WAAS through IP inspection on those new products.
Here is the configuration info:
3945 G2 ISR: IOS 15.1(1)T1;
SM-SRE-900: WAAS 4.2.3 build7;
3945 LAN interface: ip inspection in and ip wccp 61 redirect in
3945 WAN interface: ip wccp 62 redirect in
3945 SM 1/0 interface: internal connection to SM-SRE module
Between 3945 and SM-SRE module: WCCP GRE redirection and IP Forwarding return.
If you are aware of any 15.1(1)T1 bugs that may be related, please let me know too.
Thanks for any help.
Solved! Go to Solution.
11-01-2010 06:44 AM
Hi,
This is in general for IOS / ISR. On CCO we have a very good document for ZBFW and WAAS intigration, see below
If you still need to run CBAC, then recommended solution in my first post should work for you.
If the router is in the middle of TCP optamization path, then depending upon optamization product you need to configure the firewall feature like anyother firewall. for Cisco WAAS we have "ip inspect WAAS enable".
Hope this has answer your question. Thanks.
Ahsan Khan
10-28-2010 02:11 PM
WCCP and CBAC can not work together on an IOS router, If you need to enable FW feature set on router while running WCCP please use ZBFW. On the other hand since CBAC is not zone base, and applied on an interface only you can follow below workaround.
3945 LAN interface: ip wccp 62 redirect in / ip wccp 61 redirect out
3945 WAN interface: ip inspect name fw out
3945 SM 1/0 interface: internal connection to SM-SRE module (ip wccp redirect exclude in)
Let me know if this answer your question.
Ahsan Khan
10-31-2010 08:43 AM
Thanks for the info. I'll have to test it to see how it works.
When you say WCCP and CBAC not working together, is it specific to 3945 router or 15.1 IOS? or any ISR and IOS in general?
Is it the same issue if the router is in the middle of a TCP optimization path?
Thanks again
11-01-2010 06:44 AM
Hi,
This is in general for IOS / ISR. On CCO we have a very good document for ZBFW and WAAS intigration, see below
If you still need to run CBAC, then recommended solution in my first post should work for you.
If the router is in the middle of TCP optamization path, then depending upon optamization product you need to configure the firewall feature like anyother firewall. for Cisco WAAS we have "ip inspect WAAS enable".
Hope this has answer your question. Thanks.
Ahsan Khan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide