Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3207
Views
0
Helpful
1
Replies

Problems with registering WAAS-Express device at CM

joepena2012
Level 1
Level 1

‎02-03-2011 11:08 PM

Hi all,

In an evaluation i started using WAAS Express in our WAAS environment.

Currently i'm using three routers with WAAS_Express. Due some reason i have problems to register one of the devices.

The device registration were sucessfull

Feb  3 13:47:39: %WAAS-6-WAAS_CM_REGISTER_SUCCESS: IOS-WAAS registered with Central Manager successfully

After a while WAAS express device became offline on Central manager due the following reason:

Critical: SSL Handshake failed while communicating with WAAS Express device

To make sure that we do not have any problems with the installed certificates i renewed the WAAS express client certificate and reimported the CM certificate.

Now to my questions:

How can i verify/analyze SSL handshake process between CM and WAAS express?

Is there an guide available how to remove all "CM registration relevant" configuration.

Thanks in advance

Dieter

My current sw versions are:

4.3.1 on CM

and 15.1.3T on Cisco2921

1 person had this problem
0 Helpful
1 Reply 1

Michael Schueler
Cisco Employee
Cisco Employee

‎02-09-2011 06:58 AM

Hi Dieter,

Are you using a self-signed certificate on the router? If yes, you need to make sure, to configure a persistent trustpoint on the router as documented here:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtpsscer.html

Also make sure to stick to the following order when configuring the router:

1. Install the trusted certificate to authenticate the Central Manager

2. Configure the persistent trustpoint on the router

3. Enable the HTTP server and associate the persistent trustpoint

4. Use "waas cm-register" command to register with the Central Manager

If you do not use persistent certificates, the router will re-generate the certificate after every reload, which will break the connection between the router and the WAAS Central Manager.

Now, regarding your questions:

> How can i verify/analyze SSL handshake process between CM and WAAS express?

Besides collecting packets captures of the traffic between the router and the CM (e.g. using tcpdump or tethereal on the CM itself, or using RITE on the router), the enabling the following debugs on the router will give some details on the SSL handshake process:

* debug waas management errors

* debug waas management events

* debug ssl openssl errors

* debug ssl openssl msg

* debug ssl openssl states

> Is there an guide available how to remove all "CM registration relevant" configuration.

There is no guide available, unfortunately. The best you can do on the WAAS Express side is completely disable WAAS express including the removal of all config with the "no waas enable remove-config" command on the interface on which you have enabled WAAS Express. Afterwards delete the trustpoint.

Let me know, if you have further questions.

Regards,

Michael

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card