WAAS Inline & HSRP Deployment

Similar Messages

• WAAS inline deployment options

  Hi,
  Can someone answer this basic question? I cant seem to find that much documentation on the inline modules.
  Can you confirm whether or not devices can see each other on layer 2 across the two groups of an inline WAAS Ethernet module? i.e., if I have a router connected to the WAN of group 1 and another connected to the WAN of group 2, and the two routers are running HSRP (or even an ASA cluster), will they see each other correctly?
  Thanks

  Thanks for that. So if I had
  Group1 = router1 - WAAS inline group1 - LAN switch
  Group 2 = router2 - WAAS inline group2 - LAN switch
  The routers would see each other through the WAAS and then the LAN switches (as if they were just connected to the switches), but wouldn't see each other directly across the WAAS module? Or you mean they don't see each other at all?
  Cheers

• WAAS Inline Adaper and Microsoft NLB (ISA Server Array)

  Hi
  I would like to place a waas device with 4-port inline adapter  between a MS ISA Firewall and the LAN switches. The ISA are unfortunately forming an array and using NLB which causes the switches to do unknown unicast flooding.
              / Switch A --------------- LAN0   WAN0  ------------ ISA1 ------------- Switch C ---------- Router A
  LAN -- |            |                               WAAS                        Array                        |       HSRP     |
              \ Switch B --------------- LAN1   WAN1  ------------ ISA2 ------------- Switch D ---------- Router B
  Will the WAAS get problems since it is seen all the traffic on both inline groups? Is this setup possible?
  kind regards
  Tobias

  Gary,
  Yes you just need to configuring your firewall to allow TCP options (specifically option 33 (0x21 in HEX)), then configure the WAEs for directed mode.
  The firewall will see a TCP 3-way handshake at first so the two WAEs can auto discover each other and negotiate a UDP directed mode tunnel.
  Once the auto discovery phase is complete traffic traffic sent over the WAN side of the connection will be encapsulated in the UDP 4050 tunnel (so your firewall must allow this traffic through as well).
  Please see the configuration guide section on directed mode here which explains in more detail, and let me know if you have other questions.
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/network.html#wpxref53362
  Cheers,
  Mike

• WAAS inline deployment

  Hello All,
  I'm deploying a couple of WAE-512's in "inline" mode for a customer. I have the configuration and seems pretty straight forward, looks like I just need to have the inlinegroup created and allow all VLAN's. I will also have a crossover connection from the gateway router to the WAE and straight through from the WAE to the core LAN infrastructure. Is there any other things I should look out for?, gotcha's,etc?. Just looking to see what other people experiences have been with this type of deployment. Thanks for your help!

  Beware of duplex issues that can pop-up from time to time on FE connections, hard coding can help avoid that. I would also suggest portfast where applicable ie switchports.

• Waas inline in L2 environment

  Hi,
  A new WAAS installation is planed. The customer has 3 sites with one WAAS on each. On each site, there is no core layer. The L3 device is the ISP router. So, the WAAS will be plugged via inline interfaces between the ISP router and a switch. The WAAS will received all L2 broadcast from the LAN. There is no L3 point-to-point dedicated network between the router and the switch.
  Is this scenario could be an issue ?
  Rgds.

  Wow, cant believe noone answered this for two years!
  I´m having the similar WAAS deployment, check this link out:
  http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_C11-560131.pdf

• WAAS inline adapter issue

  There isn't any lights on the 4 port inline adapter in the WAAS.  When I plug in a wire none of the ports light up.  Is there some kind of configuration, That I need to do to turn on these ports?  Please help!  Thank you

  Hi,
  You definitely need an Inline Adapter to setup WAAS 674 for inline interception mode. The built in Gig interfaces cannot be used for inline interception but can be used for WCCP or PBR. Inline adapter comes in a group LAN port and a WAN port.
  Regards
  Kiran.

• ISE | Inline VPN deployment Issue

  Hi,
  I have ASA which I use for internet access and VPN gateway. I am trying to deploy ISE inline VPN node, but i found that the users traffic (from inside to internet) denied by the Inline node (users return traffic from untrusted port to trusted is blocked).... It is only permitted if i add the real IP subnet , i need to access , in the filter tab.
  This is not practical because i can not exclude all internet addresses.
  My questions are:
  1) Is Inline VPN designed to be used only with dedicated VPN GWs?
  2)Is there any workaround for this?
  Thanks for any support.

  The ASA code you need is 9.2.1 or later.  This allows the ASA to perform CoA, thus negating the need for the Inline Posture Node.
  In which mode is the IPN working?  Bridged or Routed?
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• WAAS inline without module?

  Is it possible to use a WAE appliance (WAE-512-K9) as an inline device without purchasing a WAE-INLN-4CG=? The device has 2 NICS, and I really wouldn't have a need for more than 1 port in and 1 port out.
  Thanks,
  Jason

  Jason,
  The inline module is required to deploy the WAE using inline interception.
  Thanks,
  Zach

• WAAS Inline Network Adapter Required for 674 Appliance Inline Mode?

  Is an Inline Network Adpater required to setup a WAAS 674 Appliance in Inline Interception Mode or can the two inbuilt interfaces Gi1/0 anf Gi2/0 be used?

  Hi,
  You definitely need an Inline Adapter to setup WAAS 674 for inline interception mode. The built in Gig interfaces cannot be used for inline interception but can be used for WCCP or PBR. Inline adapter comes in a group LAN port and a WAN port.
  Regards
  Kiran.

• Inline Posture deployment for non Cisco Wireless Controler

  Hi all of you
  I have to deploy an Inline Posture to manage non Cisco Wireless Controler ( ZoneDirecteur 1000 Ruckus), It seem easy but I don't know from where to start. All documentation I rode it's about Inline Posture for VPN. I want just to use this Inline Posture to manage Wireless user through ZoneDirector wirelss controler. Thank you.
  Regards
  Kouassi

  So what is the solution for this scenario?
  remote site has non-cisco autonomous wireless AP. NAC is centralized. I can not use OOB since there is no support for non-cisco AP in OOB mode. As a result I use InBand mode. This means that local wireless trffic in remote site must travel to central site, go through NAC Server and go back to remote site. Is this correct?

• Idsm 2- Inline Mode Deployment

  I would like to configure an IDSM-2 in inline mode, I am having trouble about the deployment, I have a couple of questions;
  1. If you configure 2 VLANs (existing) as VLAN pairs does this mean the exist connection between the 2 VLANs is broken?
  ie they can only communicate to each other via IPS.
  2. Where is the best place to deploy this type of IPS?

  In an inline VLAN-pair scenario, the IDSM2 will bridge the VLANs together using VLAN tag swapping.  Below is a quick topo sketch of an inline design where this might be used.
  6500 MSFC--VL10--(inside) FWSM (outside)--VLAN 11--IDSM--VLAN 111--RTR--INTERNET
  In the example above, the FWSM outside and RTR inside interfaces sit on the same Layer 3 subnet but different Layer 2 VLANs.  The IDSM is positioned inline using an inline VLAN-pair.  Traffic leaving the FWSM towards the Internet will go into the trunk to the IDSM on VLAN 11.  The IDSM will then swap the VLAN tag to 111 before fowarding the packet down the trunk.  This process allows the traffic to be influenced into the IDSM for inspection.
  http://www.cisco.com/en/US/customer/docs/security/ips/7.0/configuration/guide/cli/cli_interfaces.html#wp1047718

• WAAS and 512 Deployment

  Attach is the Visio as well as config for the India site. The Visio has 2 tabs (POC-WAAS and Proposed-WAAS). The POC (Proof of Concept) tab does not have the spare 3660 installed yet but I plan to do that soon. The "Proposed WAAS" is where we would want to be. However, my question will most likely address POC tab with the preparation to move to the Proposed tab.
  Current assumptions:
  Since we have a Manager in India, we will be getting another Manager in Calif, If so, I would like to setup a Primary/Standby deployment for redundancy.
  Questions:
  1. For Calif Primary WAE, the visio shows a Management interface but do I need a management interface or is it better to go with a standby interface instead as well as use MHSRP?
  2. Since we have a high speed link (4 Mb Internet for VPN in POC but 10mb WAN for proposed), should we tune the buffers to the max? If so how?
  3. Is this a recommend design for California? for India?
  4. Is my configs a recommend configs for California 3660 in POC? If so, what do I need to change in 3825 in Proposed?

  Zach
  After reading the SRND, I believe the best design is to move the 512 to the Cores. Please see the updated Visio and planned configs. Here's my updated requirements:
  1. Calif is hub
  2. All traffic to India (10.2/10.26) should go through the VPN tunnel through (ASA5520)
  3. All traffic to 10.3 and 10.5 should go through WAN via (R-Voice2)
  4. Latency to India is btwn 280 to 340msec and BW is 2mb. Do I also need to be concern with the BDP, L2 redirect(forwarding), and Mask assignments?
  TIA

• Waas inline and exchange cluster

  Hello,
  Somebody can help me ?
  I put an WAE574 in inline mode betwen the switch and the wan router.
  When i no shut the inline group, the ip virtual address of the exchange cluster is not OK but the two physical address are OK.
  The exchange cluster is on the LAN
  When I shut the inline group, all it's OK
  Thanks for your help
  Bibian

  Hello,
  I finally fix my problem
  I configure a static mac address on the router and a static arp.
  the mac address is the cluster mac address and the arp is the ip and mac address of the cluster :
  mac address-table static 02BF.AC14.00A5 vlan 1 int gig 1/0/24 gig 3/0/23
  arp 172.20.0.165 02BF.AC14.00A5 arpa
  Regards
  Bibian

• WAAS Off-Path DEPLOYMENT

  Hi all
  If we have regonal site connected to H.O using main WAN link and on connected to branches on another router. can we use one WAAS box to optimize both traffic to H.Q on router 1 and traffic coming from branch on router 2 using WCCP ( by connecting first WAAS Physcal port to router 1 and the second port to router 2)
  Thanks,

  Thanks Zach for your reply,
  Sorry i didn't mention that in regional office we have two routers one is connecting remoter branches and second one connected to H.Q, so in this case we will use one WAE physical port to be connected to router connected to Branch and the second physical port to be connected to the second router ?
  Thanks,

• WAAS SAPGUI - Global Deployment

  Looking for any feedback or metrics that may have been gathered by others as part of analyzing the benefits of WAAS when accessing a single instance of SAP for a global user base. Bandwidth reduction per user, TFO metrics, end user response time measurements, etc. Most of the available Cisco/SAP WAAS analysis is focused on the HTTP version of SAP not the SAPGUI client.

  This might help.
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns406/c649/ccmigration_09186a008085f8dd.pdf
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_white_paper0900aecd80653362.pdf