Solved: Re: WAE to WAE optimization possible where each WAE is owned by different people?

jbekk · ‎06-21-2018

Interesting situation and question that I am hoping someone can answer or at least provide guidance to. Two companies are merging and need to get WAAS solutions to communicate with one another.

Is it possible to have optimization flowing between 2x WAEs where each is managed by a separate CM?

I believe if auto-discovery is used, the appliances should be able to see one another and optimization should be achieved. If anyone has specific guidance or experience here I'd appreciate it. Thanks.

John Gaskell · ‎06-22-2018

I looked into this a few years ago. If the two CM's and their policies are compatible, it should technically work. But Cisco would not, I think they said, support this configuration.

View solution in original post

Beau Clark · ‎06-22-2018

Yes they will accelerate just fine, my company merged with another company and all my WAN accelerators peered with all of their WAN accelerators with no problem. If there is a firewall between your network and theirs, and it is an ASA, make sure to put"inspect WAAS" in the global policy. If it is a non-cisco firewall, you have to turn off stateful inspection. If there is a firewall, and you do not do this, it will cause huge delays in communication.

So, as long as there is no firewall issue, the only issues you will experience will be with encrypted traffic. Encrypted domain SMB traffic will cause errors on your devices about the other domain. Any SSL certificates you have added in your CM will not be in their WAE devices.

View solution in original post

John Gaskell · ‎06-22-2018

I looked into this a few years ago. If the two CM's and their policies are compatible, it should technically work. But Cisco would not, I think they said, support this configuration.

Beau Clark · ‎06-22-2018

Yes they will accelerate just fine, my company merged with another company and all my WAN accelerators peered with all of their WAN accelerators with no problem. If there is a firewall between your network and theirs, and it is an ASA, make sure to put"inspect WAAS" in the global policy. If it is a non-cisco firewall, you have to turn off stateful inspection. If there is a firewall, and you do not do this, it will cause huge delays in communication.

So, as long as there is no firewall issue, the only issues you will experience will be with encrypted traffic. Encrypted domain SMB traffic will cause errors on your devices about the other domain. Any SSL certificates you have added in your CM will not be in their WAE devices.

jbekk · ‎09-24-2018

So I've been doing a lot of validation work on this one over the last few months:

It does work provided settings are 100% aligned. Didn't quite get around to enabling SMB accelerators yet... so domain join and domain consistency end-to-end isn't something I can comment upon.
Cisco only support solutions that are detailed in official documentation. You will not be supported by Cisco for inter-solution WAE to WAE peering.
The WAAS solution's "auto-discovery" capability will automatically build acceleration tunnels between the WAE closest to the client and server end-user devices in the routing path. So having a back-to-back WAE solution in an intermediate location may not work as you planned/thought.
WAEs negotiate the lowest common denominator capabilities between them automatically as part of the initial connection setup.

Thanks.