08-06-2009 03:04 AM
Dear All,
I have two different locations (Site-A and Site-B) and I am trying to implement WAAS. In my design I placed the WAE devices (CM, core, edge) on different VLANs and connected them physically to subinterfaces of the related ASA firewall on each site.
For my WAE devices the gateway is the related subinterface of the firewalls and the edge routers are the next hop. All WAE devices can communicate with each other. In the diagnostic tests, all pass except the WCCP test, which fails.
For the WCCP test I am getting the following error message:
WARN BAD_WCCP_RTR WAE does not see router 10.10.10.1
Recommendation: Check if WCCP router address is correct, reachable and configured to use WCCP.
FAIL NO_WCCP_RTRS Device does not see any of WCCP routers
10.10.10.1 is the gateway for the WAE and it is the subinterface on the firewall.
I enabled WAAS inspection on the ASA firewalls. Do I need to add the routers to the WAE devices and enable WCCP on the routers which are the next hop for my WAE devices?
As I mentioned above, I placed the WAE devices on one of the subinterfaces of the related firewall and then I have the routers after the firewall as a next hop.
Is that a correct design, or do I have to place the WAE devices between the firewall and the edge routers?
Thank you for your kind advice and assistance.
Regards,
ferhat micoogullari
08-06-2009 01:22 PM
Do you have WCCP enabled on your ASA?
08-06-2009 01:27 PM
08-07-2009 02:39 AM
Thanks for your kind reply.
On the ASA, WCCP is enabled, but on the remote site I have the edge WAE and the clients on different subinterfaces and VLANs. In HQ I have the core WAE and the servers on different subinterfaces and VLANs.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/dhcp.html#wp1094445
In the link above it says:
"WCCP redirect is supported only on the ingress of an interface. The only topology that the security appliance supports is when client and cache engine are behind the same interface of the security appliance and the cache engine can directly communicate with the client without going through the security appliance."
Does it mean that I have to put the edge WAE on the same VLAN as the clients, and the core WAE on the servers' VLAN?
08-07-2009 01:40 PM
Ferhat,
Are you trying to use WCCP on the ASA to redirect traffic to WAAS? If so, the WCCP implementation in ASA is not compatible with WCCP on WAAS.
Regards,
Zach
08-09-2009 07:59 AM
Zach,
What exactly is/are the incompatibilities between WAAS and ASA?
thanks,
Brian
08-10-2009 07:20 AM
Brian,
The biggest issue is that the WCCP implementation in ASA does not support WCCP services that preserve the client IP address.
Regards,
Zach
08-09-2009 11:51 PM
Hi Zach,
True, I am trying to use WCCP on the ASA to redirect the traffic to WAAS.
Instead of connecting the WAAS device to the edge router, I connected it to the ASA and am trying to do the redirection (the router is the next hop).
If the WCCP implementation in ASA is not compatible with WCCP on WAAS, then I should change my design and connect the WAAS to the router, not to the ASA.
Is that the case?
Kind Regards,
ferhat
08-10-2009 07:21 AM
Ferhat,
Can you please share a topology diagram of your proposed design?
Thanks,
Zach
09-01-2009 10:57 AM
Hi Zach, I'm starting with a WAAS lab. I'm using a WAE-502 module which is embedded on the 2811 router, and I'm confused, especially about the concept of subinterfaces. I understand when the WAAS is an external appliance connected to the router, but what happens when the card is embedded?
What is the right way to configure the integrated-service-module with a subinterface?
Thanks a lot for your help
David
09-09-2009 09:59 PM
Configuring Cisco WAAS Network Modules for Cisco Access Routers
interface integrated-service-module1/0
 ip address 10.10.10.1 255.255.255.0
 service-module ip address 10.10.10.2 255.255.255.0
 service-module ip default-gateway 10.10.10.1
You will want something similar to the above. It will create a subnet inside the router for the WAE module. The interface IP is the router IP in this subnet. The service-module IP and GW are the settings on the NME.
- Dan
09-18-2009 01:44 PM
Hi Dan, thanks for your mail and help. Please be nice, I'm starting with WAAS. My network is 172.23.2.0/24. There are no VLANs yet for PC users and servers, so my WAE Central Manager has the IP 172.23.2.100 and my NM-WAE will have this configuration:
interface integrated-service-module1/0
 ip address 10.10.10.1 255.255.255.0
 service-module ip address 10.10.10.2 255.255.255.0
 service-module ip default-gateway 10.10.10.1
On the remote site:
Network address: 172.23.4.0/24
And the remote NM-WAE:
interface integrated-service-module1/0
 ip address 10.10.20.1 255.255.255.0
 service-module ip address 10.10.20.2 255.255.255.0
 service-module ip default-gateway 10.10.20.1
Please help me validate the configuration. Does it matter if the NM-WAE has a different network address?
They will be able to register without any problem in the Central Manager.
Thanks again Dan for your suggestions.
All the best.
David.
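The two service-module stanzas in the post above can be checked against the layout described earlier in the thread (the interface IP is the router's address in the module's internal subnet, and the service-module IP and gateway are the module's own settings). This Python is an added example, not part of any post or of Cisco's tooling; the function names and site labels are hypothetical, and the cross-site overlap check is an added assumption.

```python
import ipaddress
import re

# The two stanzas posted above, keyed by site (labels are constructed).
SITES = {
    "hq": """interface integrated-service-module1/0
 ip address 10.10.10.1 255.255.255.0
 service-module ip address 10.10.10.2 255.255.255.0
 service-module ip default-gateway 10.10.10.1
""",
    "remote": """interface integrated-service-module1/0
 ip address 10.10.20.1 255.255.255.0
 service-module ip address 10.10.20.2 255.255.255.0
 service-module ip default-gateway 10.10.20.1
""",
}

def parse_stanza(text):
    """Return (router interface, module interface, module gateway)."""
    def grab(pattern):
        m = re.search(r"^[ \t]*" + pattern, text, re.MULTILINE)
        if m is None:
            raise ValueError("missing line matching: " + pattern)
        return m.groups()
    rtr = ipaddress.ip_interface("/".join(grab(r"ip address (\S+) (\S+)")))
    mod = ipaddress.ip_interface(
        "/".join(grab(r"service-module ip address (\S+) (\S+)")))
    gw = ipaddress.ip_address(grab(r"service-module ip default-gateway (\S+)")[0])
    return rtr, mod, gw

def check_stanza(text):
    """List the ways a stanza departs from the layout described in the thread."""
    rtr, mod, gw = parse_stanza(text)
    problems = []
    if mod.network != rtr.network:
        problems.append("module IP is outside the router interface subnet")
    if mod.ip == rtr.ip:
        problems.append("module IP duplicates the router interface IP")
    if gw != rtr.ip:
        problems.append("module default gateway is not the router interface IP")
    return problems

def overlapping_sites(sites):
    """Pairs of sites whose internal module subnets overlap (added assumption:
    each site's subnet must be distinct so the Central Manager can route to it)."""
    nets = {name: parse_stanza(cfg)[0].network for name, cfg in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]
```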
09-24-2009 09:03 PM
You will want to review the following link for general WAAS/WCCP deployments.
Cisco Wide Area Application Services Quick Configuration Guide (Software Version 4.1.3)
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v413/quick/guide/waasqcg.html
HTH,
Dan Laden