WAAS interception access list

fisherstephen
Level 1

Hello,

I am trying to configure a basic access list on a branch WAE. I wish to only accelerate traffic going to net 10.10.10.0/24. When I enter this command, however, it blocks all inbound traffic as well. Am I doing something very stupid? Also, there is an RTT of 600ms. This keeps dropping the connection to the CM, saying the device status is offline. Is there a specific timer I can use to make this more robust?

ip access-list extended tennet

  permit ip any 10.10.10.0 255.255.255.0

interface InlineGroup 1/1
ip access-group tennet out

Best regards

Stephen


finn.poulsen
Level 3

Hi Stephen,

What you have done is to configure an Interface ACL, which controls the access to/through the device (like a router ACL).

I think you need to use an Interception ACL which controls the "interception".

Check this:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/ipacl.html#wp1054042

and CLI:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/command/reference/glob_cfg.html#wp1932611

So you'll need to configure this globally:

interception access-list tennet

and remove it from the inline ports config.

Best regards

Finn

Hello Finn,

Thank you very much. That was exactly it.

Do you have any idea about the secondary question regarding the timers? This is very frustrating. The CM gets a ping timeout so I cannot open the secure store from the remote WAE. The branch WAE always shows as offline in the CM. I need to know which timers I can set. As a reminder, the RTT is +/- 600ms.

Best regards

Stephen

Hi Stephen,

I'm not aware of any specific timers that will fix this.

If your remote WAE constantly shows up as offline, this might indicate some other problems.

600 ms RTT (satellite?) shouldn't itself be of any major concern unless you're losing a lot of packets.

Do you have any possibility of ensuring that CM<->WAE traffic (i.e. TCP port 443) gets prioritised by QoS?

Enabling fast offline detection will ensure that devices are detected offline faster, but I don't think this will fix your problem.

I've previously created a WAAS setup running across a satellite network with RTTs between 700 and 1500 ms and never encountered this kind of problem.

Never used Secure Store though as this requires CM connectivity more or less constantly.

regards

Finn