Troubleshooting guide
1-28
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Traffic Interception
Configuring WCCP on WAEs
Configuring Interception Access Control Lists
You can configure an interception ACL to control what incoming traffic across all interfaces is to be
intercepted by an ANC or WAE device (on an ANC, the interception ACL is called an AppNav
Controller interception ACL). Packets that are permitted by the ACL are intercepted by the device, and
packets that are denied by the ACL are passed through without processing.
By configuring an interception ACL on the WAAS device, you can control traffic interception without
modifying the router configuration. IP ACLs may be configured separately on the router to bypass traffic
without first redirecting it to the WAAS device. Typically, the WCCP accept list defines the group of
servers that are accelerated (and the servers that are not). Using an interception ACL allows you to easily
bypass uninteresting traffic, for example in a pilot deployment where you do not want to modify the
router configuration. Additionally, it allows you to more easily transition from a pilot to a production
deployment by allowing and accelerating different kinds of traffic in phases.
An interception ACL can be used both with WCCP and inline interception.
When used with interface ACLs and WCCP ACLs, the interface ACL is applied first, the WCCP ACL is
applied second, and then the interception ACL is applied last. Application policies defined on the WAE
are applied after all ACLs have filtered the traffic.
An ANC that is also operating as a WAAS node can have both an AppNav Controller interception ACL
to control what is intercepted by the ANC and an interception ACL to control what is accepted by the
optimizing engine. A flow may be permitted by the AppNav Controller interception ACL and then
subsequently rejected by the WAAS node interception ACL.
Note The interception ACL feature is mutually exclusive with static bypass lists. You cannot use both types
of lists at the same time. We recommend that you use interception ACLs instead of static bypass lists.
Static bypass lists are supported only for devices using WAAS versions earlier than 5.0.
To use an interception ACL, first define an ACL (see Chapter 1, “Creating and Managing IP Access
Control Lists for WAAS Devices”) and then apply it to a device. Interception ACLs are configured for
individual devices only and not device groups.
To configure an interception ACL for an ANC or WAE device, follow these steps:
Step 1 Follow the instructions in Chapter 1, “Creating and Managing IP Access Control Lists for WAAS
Devices” to create an ACL that you want to use for interception, but do not apply it to an interface.
Step 2 From the WAAS Central Manager menu, choose Devices > device-name.
Step 3 Choose Configure > Interception > Interception Access List.
Step 4 To configure a WAE interception ACL, click the arrow control next to the Interception Access List field
to display a drop-down list of ACLs you have defined and choose an ACL to apply to WAE interception.
Alternatively, you can enter an ACL name directly in the field and create it after you submit this page.
If you type in this field, the drop-down list of displayed ACLs is filtered to show only entries beginning
with entered text.
If you need to create or edit an ACL, click the Go to IP ACL link next to the field to take you to the IP
ACL configuration window (this is the Configure > Network > TCP/IP Settings > IP ACL page).
Step 5 To configure an ANC interception ACL, click the arrow control next to the AppNav Controller
Interception Access List field to display a drop-down list of ACLs you have defined and choose an ACL
to apply to ANC interception. Alternatively, you can enter an ACL name directly in the field and create