cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1298
Views
0
Helpful
7
Replies

WAAS Questions

Jkloza_2
Level 1
Level 1

Hello all,


I've started configuring WAAS devices for my network and have run into a few questions.  I'm using WCCP redirection, not inline mode and the topology looks like:

WAAS.jpg

I currently cannot get my WAE from directly outside our firewall to register w/ the Central Management server.  I've got the control ports opened in my firewall, which I've researched as being UDP / 2048.  I'm trying to figure out why it's not connecting, if it's my firewall blocking the traffic, or if I misconfigured something on the WAE's / Routers.

From all the documentation that i've read it's as simple as running the setup on your WAE's, & pointing them back to your central manager, but i'm not so naive to think that it's going to be that easy :).  I did this, & configured WCCP on my HQ router, and I don't see the WAE's showing up in my CM.

Also, the WAE674's are on seperate subnets, off the router, not on my internal LAN, or on my network segment between the firewall & my router.  I created a new network segment off of the router, because this is the way I interpreted the documentation.  Is that correct? 

I shouldnt be running into issues with the firewall correct?  All acceleration is being done outside, and the central management device is just for policy updates, etc?  Any thoughts as to why this isn't working would be very helpful.

Thanks!

Jon

4 Accepted Solutions

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Jon,

TCP/443 is what you need to allow, 8443 of course for manegement ;-)

Marcin

View solution in original post

Jon,

UDP 2048 is WCCP

http://en.wikipedia.org/wiki/Web_Cache_Communication_Protocol

WAE will open to CM: tcp/443 and maybe tcp/22-23 if you manage from there.

check "show cms info" on accelarators to see if they are properly registered.

Marcin

View solution in original post

Hi Jon,

As per Marcin's comments, UDP port 2048 is used by WCCP for WCCP HIA/ISU packet exchange.

You will need port 22 / SSH open between WAE and CM to register and talk to each other.

Regards.

PS: Pelase mark thsi as Answered, if this resolves your issue.

View solution in original post

Jon,


Yes that's a very neat design and gives you flexability to choose which protocols you want to accelarate also on router level.

Typically you can remove management (ssh, https, 8443) protocols on this level.

Plus with WCCP it's more scalabale if you want to add more routers or WAEs in the future.

Marcin

View solution in original post

7 Replies 7

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Jon,

TCP/443 is what you need to allow, 8443 of course for manegement ;-)

Marcin

I've already got 443 open...  So you're saying for the WAE's to be "registered" to the central management server, that's all that needs to be open?  It doesnt seem right because i've done traffic caputres from my firewall, and I see a control port :2048 UDP trying to pass through..


Not sure here, so any help is much appreciated.

Jon

Jon,

UDP 2048 is WCCP

http://en.wikipedia.org/wiki/Web_Cache_Communication_Protocol

WAE will open to CM: tcp/443 and maybe tcp/22-23 if you manage from there.

check "show cms info" on accelarators to see if they are properly registered.

Marcin

Hi Jon,

As per Marcin's comments, UDP port 2048 is used by WCCP for WCCP HIA/ISU packet exchange.

You will need port 22 / SSH open between WAE and CM to register and talk to each other.

Regards.

PS: Pelase mark thsi as Answered, if this resolves your issue.

All,


Thanks so much for the advice.  Opened up SSH through my firewall, and everything seems to be registered to my CM.  I guess the last question is, does the design look correct for WCCP redirection?  Currently both of my accelerators are hanging off an extra port on my 3845 routers.  Does this look right?

Again, the help is very appreciated.


Jon

Jon,


Yes that's a very neat design and gives you flexability to choose which protocols you want to accelarate also on router level.

Typically you can remove management (ssh, https, 8443) protocols on this level.

Plus with WCCP it's more scalabale if you want to add more routers or WAEs in the future.

Marcin

Thank you very much for the help.  It is much appreciated!

Jon

Review Cisco Networking for a $25 gift card