Hello Tammy,

Tammy Cox · ‎03-28-2016

Looking to understand why I don't always see the PT reason noted correctly.

Scenario:

I have a WAAS at site A and a WAAS at site B. Both run 5.3.1 code. Neither go into TFO overload.

I have a policy configured with action = Passthrough for destination port range 44441-444443.

Seeing PT App Cfg as the reason for the passthrough is what I expect to see, but it isn't always the case.

Yes, the action is correct, but the PT reason is not consistent.

Note: I am seeing both source and destination hitting the PT App Cfg

10.1.2.x is located at site A. 10.5.6.x is located at site B.

Example below:

site A#sh stat conn | i 44443

10.1.2.8:44443   10.5.6.18:48657   N/A              PT App Cfg <---source port
10.5.6.15:57557 10.1.2.8:44443    N/A              PT In Progress <---destination port
10.1.2.8:44443   10.5.6.16:55120   N/A              PT In Progress <---source port
10.5.6.12:38179 10.1.2.9:44443    N/A              PT App Cfg <---destination port

Hami · ‎04-06-2016

Hello Tammy,

Have you checked the connection statistics on Site B at the same time.

your configuration is to pass-through traffic for port range 44441 -44443. can u paste the config?

Tammy Cox · ‎04-06-2016

Hi,

Yes, I checked the B side. Both sides showed the same behavior. I expect to see PT App Cfg as the reason, but not both PT App Cfg and PT In Progress. I also verified that the policies were correct on both WAAS.

Here is the snip of the config statements - same on both ends:

class-map type waas match-any WAM
match tcp destination port 44441 44443
exit

policy-map type waas WAAS-GLOBAL

class WAM
pass-through application WAM-Services
exit

------and we can see the policy is matching correctly-------

Class WAM ( 35828736 flow-matches)
pass-through application WAM-Services

WAAS PT App Cfg versus PT In Progress