WAAS and IPSEC

Jan Rockstedt
Level 1

Hi all,

We have dual WAEs on the core site with 'WCCP Negotiated Return' on dual WAN and one LAN/subnet.

On the edge we have a WAE with an inline card.

If we set up an IPSEC tunnel between the core LAN and edge LAN, will there be any design problem with this?

Of course the WAE will not optimize the traffic.

Jan

3 Replies

pevaneyn
Cisco Employee

Hello Jan,

Both WCCP and inline interception methods only intercept TCP IPv4 traffic, so ESP, AH or UDP-encapsulated VPN traffic should not even get intercepted by the WAAS.

I cannot guarantee that it will work, but I'm fairly confident. Only if the router doing WCCP also starts doing the VPN I would get slightly worried...

Hope this helps, Peter
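The rule stated in the reply above (only TCP over IPv4 is eligible for interception), modeled as a small packet classifier. This is an added example, not part of the original thread and not WAAS or WCCP code; the addresses and sample packets are constructed, and `classify` and `eligible_flows` are hypothetical names.

```python
import socket
import struct

# IANA-assigned IP protocol numbers for the traffic types named in the thread.
PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}

def build_ipv4(proto, payload=b"", src="10.1.0.10", dst="10.2.0.20"):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def udp(sport, dport, data=b""):
    """Build a minimal UDP header plus data (constructed sample)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Return (eligible, description) under the TCP-over-IPv4 rule."""
    if not packet:
        return False, "empty"
    version = packet[0] >> 4
    if version != 4:
        return False, f"IPv{version}"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return False, "malformed IPv4"
    proto = packet[9]
    name = PROTO_NAMES.get(proto, f"proto {proto}")
    if proto == 17 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if 4500 in (sport, dport):
            name = "UDP/4500 (NAT-T)"     # UDP-encapsulated ESP
        elif 500 in (sport, dport):
            name = "UDP/500 (IKE)"
    return proto == 6, name

# Constructed samples: one clear-text flow and the VPN encapsulations discussed.
SAMPLES = {
    "clear-text TCP": build_ipv4(6, b"\x00" * 20),
    "ESP": build_ipv4(50, b"\x00" * 16),
    "AH": build_ipv4(51, b"\x00" * 12),
    "IKE": build_ipv4(17, udp(500, 500)),
    "NAT-T": build_ipv4(17, udp(4500, 4500)),
    "GRE": build_ipv4(47, b"\x00" * 4),
}

def eligible_flows():
    """Labels of the samples that the TCP/IPv4 rule would select."""
    return [label for label, pkt in SAMPLES.items() if classify(pkt)[0]]
```

Only the clear-text TCP sample passes the check; every IPsec encapsulation in the sample set carries a different IP protocol number in the outer header.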

Hey Peter,

Yes, I was thinking the same, that it shouldn't be any problem.

But then I was thinking about the GRE between the WAE "B2B interface" at the core site.

I couldn't find any problem about the design, but still I need to ask.

I believe that the biggest problem is to get the IPSEC running over MPLS between one edge site terminated on two core sites. :-)

Thanks Jan

Hello Jan,

> I believe that the biggest problem is to get the IPSEC running over MPLS between one edge site terminated on two core sites. :-)

That can become... interesting.
A tip: what people often forget is that in IOS you can use a VTI interface to tunnel the IPSec traffic. This often radically simplifies routing and the VRF madness. See here for an IPSec with VTI in a VRF example.
Good luck with your implementation! Peter
