since our upgrade to WAAS 4.1 we have had a couple of occurances where some users at a remote site cannot access the internet.Internet access from remote sites is via a proxy at head office. this has happened 3 times over the last two weeks at 2 of our remote sites. Reloading the head office WAAS seems to cure the problem, has anybody else seen anything else like this?
Out of curiosity, what kind of proxy is at the head office? Do the clients use a proxy client or web browser setting. Also, what port are they using for the proxy?
sorry Dan the last message not true, the CE566 is the web cache, the proxy is actually a Trend Micro IWSS ver 2.3 running on a windows 2003 server
Thanks for the update. I don't see anything from that end of things (ACNS and IWSS) that looks impactful, allthough it's possible that the TCP options for autodiscovery might be causing issues, is there a firewall as well?
I thought of a couple more questions: What version of WAAS are you running? Only 8080 traffic is impacted? You mention a couple of users, but other users at the same site are OK? What about internal web (80) traffic?
Try putting 8080 traffic into PT via a customer app policy and see if that helps. That may help us narrow it down.
Is the remote site using an IPSEC/GRE tunnel back to head office? If so, check the mtu size on the tunnel interface. I had the same issue with sporadic web surfing problems when the waas was put in. Although it wasn't a waas problem, it seemed to exacerbate it.
I was running WAAS 188.8.131.52, but on advice from Cisco TAC I am upgrading to 4.1.1a.10, I have an open case#609740621 regarding Kernel crashes, no firewall involved and yes some users at the same site ok, also if we bypass the proxy( go staight to the cache) is also ok, and internal port 80 traffic ok. This is all traffic that goes across the WAN.I am afraid its being a very "shotgun" approach, and reloading the Head office WAAS coincides with the problem going away.
I see if the situation improves once all upgraded to 4.1.1a ..by the way one thing i noticed when upgrading to 4.1.1a, I use secure store when telnet in and do cms commands see result below
BATWAD01#sh cms secure-store
secure-store is initialized and not open.
BATWAD01#cms secu open
secure-store is already open
so then clear and re-intialise and open
i have at the moment the same in two of my 13 locations, http traffic (both on port 80 aswel as 8080) have come to a grinding halt, im on 4.1.1c at the moment. It looks to me as if some sockets run out and that a new user has to wait till there are free more resources.. any results on your TAC case and has this happen to you also with the 4.1.1 version upgrade ?