02-21-2013 09:23 PM
Hi Guys,
Got a issue here with trying to authenticate a cisco waas with ASA.
Below is the debug message in the asa:
WCCP-EVNT:D61: Here_I_Am packet from 10.97.40.25: authentication failure
WCCP-EVNT:D62: Here_I_Am packet from 10.97.40.25: authentication failure
WCCP-EVNT:D61: Here_I_Am packet from 10.97.40.25: authentication failure
WCCP-EVNT:D62: Here_I_Am packet from 10.97.40.25: authentication failure
WCCP-EVNT:D61: Here_I_Am packet from 10.97.40.25: authentication failure
WCCP-EVNT:D62: Here_I_Am packet from 10.97.40.25: authentication failure
!
Global WCCP information:
Router information:
Router Identifier: -not yet determined-
Protocol Version: 2.0
Service Identifier: 61
Number of Cache Engines: 0
Number of routers: 0
Total Packets Redirected: 0
Redirect access-list: wccp_list
Total Connections Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 10370
Total Bypassed Packets Received: 0
I have attached the network layout!
I use wccp-gre and wccp negotion in the waas connected to nexus!
The WCCP-L2 has no issues at the edge site.
Any inputs on this issue is appreciated
regards
02-22-2013 08:30 AM
Not 100% sure but I think you are hitting the following bug CSCts15920
please check the workaround and current ASA version:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCts15920
Felix
02-23-2013 02:45 AM
Thanks mate.
We run v 8.6.1 in the Asa and 4.4.5c in the wae apparently Cisco doco says that bug has been fixed in 8.6.1!
Sent from Cisco Technical Support iPhone App
02-25-2013 10:37 AM
Well, if the password is the same on both units and still not authenticating sounds like a bug to me, I suggest to follow the workaround by now and open a TAC case to check on ASA and WAAS statements, replicate the problem and see how it goes.. chances are either a wrong configuration or guideline not being follow or a new bug.
Regards,
Felix
03-08-2013 05:49 AM
Cisco doc say ASA version 9 doesn't support waas devices?!
Sent from Cisco Technical Support iPhone App
03-19-2013 02:47 PM
really! I wonder why... can you share that doc please.
Felix
03-19-2013 03:01 PM
yeah i cant believe it either! http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/access_wccp.html#wp1105267
The following WCCPv2 features are not supported for the ASA:
•Multiple routers in a service group.
•Multicast WCCP.
•The Layer 2 redirect method.
•WCCP source address spoofing.
•WAAS devices.
03-19-2013 03:29 PM
I will try to set up a lab and let you know if there'sa nythnig helpful.... I have move to another technology and I really have no time right now..=(..
good luck!
Felix,
03-19-2013 04:17 PM
no worries mate. We are thinking of using 2911 with security license and working on it in the lab.
cheers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide