12-28-2011 10:52 PM
Hello,
I am trying to configure a basic access list on a branch WAE. I wish to only accelerate traffic going to net 10.10.10.0/24. When I enter this command, however, it blocks all inbound traffic as well. Am I doing something very stupid? Also, there is a RTT of 600ms. This keeps dropping the connection to the CM saying the device status is offline. Is there a specific timer I can use to make this more robust?
ip access-list extended tennet
permit ip any 10.10.10.0 255.255.255.0
interface InlineGroup 1/1
ip access-group tennet out
Best regards
Stephen
12-29-2011 12:44 AM
Hi Stephen,
What you have done is to configure an Interface ACL, which controls the access to/through the device (like a router ACL).
I think you need to use an Interception ACL which controls the "interception".
Check this :
and CLI :
So you'll need to configure this globally :
interception access-list tennet
and remove it from the inline ports config.
Best regards
Finn
12-29-2011 04:27 AM
Hello Finn,
Thank you very much. That was exactly it.
Do you have any idea about the secondary question regarding the timers? This is very frustrating. The CM gets a ping timeout so I cannot open the secure store from the remote WAE. The branch WAE always shows as offline in the CM. I need to know which timers I can set. As a reminder, the RTT is +/- 600ms.
Best regards
Stephen
01-02-2012 02:27 AM
Hi Stephen,
I'm not aware of any specific timers that will fix this.
If your remote WAE constantly shows up as offline, this might indicate some other problems.
600 ms RTT (satellite??) shouldn't itself be of any major concern unless you're losing a lot of packets.
Do you have any possibility of ensuring that CM<->WAE traffic (i.e. tcp port 443) gets prioritised by QoS?
Enabling fast offline detection will ensure that devices are detected offline faster, but I don't think this will fix your problem.
I've previously created a WAAS setup running across a satellite network with RTTs between 700 and 1500 ms and never encountered this kind of problem.
Never used Secure Store though as this requires CM connectivity more or less constantly.
regards
Finn