01-03-2012 04:21 AM
Hello,
My WAAS configuration is up and running but I have lost the graphs from the CM dashboard. Can you tell me how to retrieve them please ?
Also, I have set up the service to intercept and optimise SSL traffic but it just logs them as pass-through only. How can I confirm the WAE-WAE peering is working correctly. The branch side is inline and the core side WCCP.
Best regards
Stephen
Solved! Go to Solution.
01-03-2012 08:53 PM
Hi Stephen,
No you do not have to import the server side WAE certificate to branch side WAE.
Looks like you may want to open a TAC case to handle this one. Policies and Traffic path (Asymmetric route) are the most likely reason why theo ptimization does not work.
Regards.
01-03-2012 11:37 AM
Hi Stephen,
Not sure about the WAAS CM graph issue. There were couple of defects on this one in earlier releases. If you can provide us sh ver from CM or version details from CM, it may help us. Couple of things you may want to try:
1. Make sure is - open port 8443 and 443 between CM and WAEs.
2. You can try database repair on CM.
WAVE294-1#cms database maintenance full
WAVE294-1#cms database validate
About the SSL config, few questions:
1. Is this working between other sites?
2. was this working before or this is the first time you are trying to optimize SSL?
3. Please follow the steps mentioned in this link to make sure the config is defined properly: http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/policy.html#wp1096862
4. When you say that connection is in pass thru, what exactly it is showing up as ? PT Pass thru or PT pass thru due to policy configured?
Regards.
01-03-2012 07:41 PM
Hello Bhavin,
It all appears as in the document. A simple question, Do I have to generate a certificate on the core WAE and import into the branch WAE ? I can see the traffic being hit based on my interception access lists but none of it is being optimised and all classified as 'pass-thru'. The server ceritifcate is correctly installed on the CM and both WAEs have the secure store initialised and open. I have correctly defined the SSL application (443), classifier and policy.
This is from the core WAE
WADMZJA02#sh stat tfo detail
Total number of connections : 0
No. of active connections : 0
No. of pending (to be accepted) connections : 0
No. of bypass connections : 0
No. of normal closed conns : 0
No. of reset connections : 0
Socket write failure : 0
Socket read failure : 0
WAN socket close while waiting to write : 0
AO socket close while waiting to write : 0
WAN socket error close while waiting to read : 0
AO socket error close while waiting to read : 0
DRE decode failure : 0
DRE encode failure : 0
Connection init failure : 0
WAN socket unexpected close while waiting to read : 0
Exceeded maximum number of supported connections : 0
Buffer allocation or manipulation failed : 0
Peer received reset from end host : 0
DRE connection state out of sync : 0
Memory allocation failed for buffer heads : 0
Unoptimized packet received on optimized side : 0
Data buffer usages:
Used size: 0 B, B-size: 0 B, B-num: 0
Cloned size: 0 B, B-size: 0 B, B-num: 0
Buffer Control:
Encode size: 0 B, slow: 0, stop: 0
Decode size: 0 B, slow: 0, stop: 0
AckQ Control:
Total: 0, Current: 0
Scheduler:
Queue Size: IO: 0, Semi-IO: 0, Non-IO: 0
Total Jobs: IO: 0, Semi-IO: 0, Non-IO: 0
Policy Engine Statistics
-------------------------
Session timeouts: 0, Total timeouts: 0
Last keepalive received 00.3 Secs ago
Last registration occurred 16:59:39.8 Hours:Mins:Secs ago
Hits: 1036, Update Released: 1007
Active Connections: 0, Completed Connections: 27
Drops: 0
Rejected Connection Counts Due To: (Total: 2)
Not Registered : 2, Keepalive Timeout : 0
No License : 0, Load Level : 0
Connection Limit : 0, Rate Limit : 0
Minimum TFO : 0, Resource Manager : 0
Global Config : 0, TFO Overload : 0
Server-Side : 0, DM Deny : 0
No DM Accept : 0
Auto-Discovery Statistics
-------------------------
Total Connections queued for accept: 0
Connections queuing failures: 0
Socket pairs queued for accept: 0
Socket pairs queuing failures: 0
AO discovery successful: 0
AO discovery failure: 0
WADMZJA02#sh stat appl SSL
Application Inbound Outbound
---------------------- ----------------------
SSL
Opt TCP Plus:
Bytes 0 0
Packets 0 0
Orig TCP Plus:
Bytes 0 0
Packets 0 0
Opt Preposition:
Bytes 0 0
Packets 0 0
Orig Preposition:
Bytes 0 0
Packets 0 0
Opt TCP Only:
Bytes 0 0
Packets 0 0
Orig TCP Only:
Bytes 0 0
Packets 0 0
Internal Client:
Bytes 1116201 2690394
Packets 7147 7904
Internal Server:
Bytes 1242 2543
Packets 13 9
PT Client:
Bytes 0
Packets 0
PT Server:
Bytes 3934411
Packets 24296
Active Completed
---------------------- ----------------------
Opt TCP Plus 0 0
Preposition 0 0
Opt TCP Only 0 0
Internal Client 0 790
Internal Server 0 2
PT No Peer 0 0
PT Config 0 0
PT Intermediate 0 0
PT_Other 0 900
The branch WAE
WAHKHK01#sh stat appl SSL
Application Inbound Outbound
---------------------- ----------------------
SSL
Opt TCP Plus:
Bytes 0 0
Packets 0 0
Orig TCP Plus:
Bytes 0 0
Packets 0 0
Opt Preposition:
Bytes 0 0
Packets 0 0
Orig Preposition:
Bytes 0 0
Packets 0 0
Opt TCP Only:
Bytes 0 0
Packets 0 0
Orig TCP Only:
Bytes 0 0
Packets 0 0
Internal Client:
Bytes 3055670 7711010
Packets 20596 26199
Internal Server:
Bytes 3707 8357
Packets 38 32
PT Client:
Bytes 447089031
Packets 470767
PT Server:
Bytes 134129850
Packets 384601
Active Completed
---------------------- ----------------------
Opt TCP Plus 0 0
Preposition 0 0
Opt TCP Only 0 0
Internal Client 2 2171
Internal Server 0 6
PT No Peer 0 115
PT Config 0 0
PT Intermediate 0 0
PT_Other 16 14624
Best regards
Stephen
01-03-2012 08:53 PM
Hi Stephen,
No you do not have to import the server side WAE certificate to branch side WAE.
Looks like you may want to open a TAC case to handle this one. Policies and Traffic path (Asymmetric route) are the most likely reason why theo ptimization does not work.
Regards.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: