ASA not authenticating waas 512

Srin_G · ‎02-21-2013

Hi Guys,

Got a issue here with trying to authenticate a cisco waas with ASA.

Below is the debug message in the asa:

WCCP-EVNT:D61: Here_I_Am packet from 10.97.40.25: authentication failure

WCCP-EVNT:D62: Here_I_Am packet from 10.97.40.25: authentication failure

WCCP-EVNT:D61: Here_I_Am packet from 10.97.40.25: authentication failure

WCCP-EVNT:D62: Here_I_Am packet from 10.97.40.25: authentication failure

WCCP-EVNT:D61: Here_I_Am packet from 10.97.40.25: authentication failure

WCCP-EVNT:D62: Here_I_Am packet from 10.97.40.25: authentication failure

!

Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

    Service Identifier: 61
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Redirect access-list:                wccp_list
        Total Connections Denied Redirect:   0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       10370
        Total Bypassed Packets Received:     0

I have attached the network layout!

I use wccp-gre and wccp negotion in the waas connected to nexus!

The WCCP-L2 has no issues at the edge site.

Any inputs on this issue is appreciated

regards

Felix Arrieta · ‎02-22-2013

Not 100% sure but I think you are hitting the following bug CSCts15920

please check the workaround and current ASA version:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCts15920

Felix

Srin_G · ‎02-23-2013

Thanks mate.
We run v 8.6.1 in the Asa and 4.4.5c in the wae apparently Cisco doco says that bug has been fixed in 8.6.1!

Sent from Cisco Technical Support iPhone App

Felix Arrieta · ‎02-25-2013

Well, if the password is the same on both units and still not authenticating sounds like a bug to me, I suggest to follow the workaround by now and open a TAC case to check on ASA and WAAS statements, replicate the problem and see how it goes.. chances are either a wrong configuration or guideline not being follow or a new bug.

Regards,

Felix

Srin_G · ‎03-08-2013

Cisco doc say ASA version 9 doesn't support waas devices?!

Sent from Cisco Technical Support iPhone App

Felix Arrieta · ‎03-19-2013

really! I wonder why... can you share that doc please.

Felix

Srin_G · ‎03-19-2013

yeah i cant believe it either! http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/access_wccp.html#wp1105267

The following WCCPv2 features are not supported for the ASA:

•Multiple routers in a service group.

•Multicast WCCP.

•The Layer 2 redirect method.

•WCCP source address spoofing.

•WAAS devices.

Felix Arrieta · ‎03-19-2013

I will try to set up a lab and let you know if there'sa nythnig helpful.... I have move to another technology and I really have no time right now..=(..

good luck!

Felix,

Srin_G · ‎03-19-2013

no worries mate. We are thinking of using 2911 with security license and working on it in the lab.

cheers