Troubleshooting guide

Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Traffic Interception
Using Policy-Based Routing Interception
Note: The commands that are used to configure PBR on a router can vary based on the Cisco IOS release
installed on the router. For information about the commands that are used to configure PBR for the Cisco
IOS release that you are running on your routers, see the appropriate Cisco IOS configuration guide.
Configuring Policy-Based Routing
The example in this section shows how to configure PBR as the traffic redirection method in a WAAS
network that has one WAE in a branch office and one WAE in the data center (as shown in Figure 1-5).
To configure PBR to transparently redirect TCP traffic to WAEs, follow these steps:
Step 1 In the branch office, use extended IP access lists to specify which traffic is of interest to the LAN
interface (ingress interface-A) on Edge-Router1:
a. On Edge-Router1, define an extended IP access list within the range of 100 to 199. For example,
create access list 100 on Edge-Router1:
Edge-Router1(config)# ip access-list extended 100
b. On Edge-Router1, specify which traffic is of interest to this particular interface:
For example, mark any IP/TCP traffic from any local source addresses (traffic for any branch office
clients) on any TCP port to any destination as interesting:
Edge-Router1(config-ext-nacl)# permit tcp 10.10.10.0 0.0.0.255 any
Alternatively, you can selectively mark interesting traffic by defining the source IP subnet,
destination IP address, and TCP port numbers. For example, mark IP/TCP traffic from any local
source address on TCP ports 135 and 80 to any destination as interesting:
Edge-Router1(config-ext-nacl)# permit tcp 10.10.10.0 0.0.0.255 any eq 135
Edge-Router1(config-ext-nacl)# permit tcp 10.10.10.0 0.0.0.255 any eq 80
Step 2 In the branch office, use extended IP access lists to specify which traffic is of interest to the WAN
interface (egress interface-C) on Edge-Router1:
a. On Edge-Router1, define an extended IP access list within the range of 100 to 199. For example,
create access list 101 on Edge-Router1:
Edge-Router1(config)# ip access-list extended 101
b. On Edge-Router1, specify which traffic is of interest to its WAN interface:
For example, mark any IP/TCP traffic to a local device as interesting:
Edge-Router1(config-ext-nacl)# permit tcp any 10.10.10.0 0.0.0.255
Alternatively, you can selectively mark interesting traffic by defining the source IP subnet,
destination IP address, and TCP port numbers. For example, mark IP/TCP traffic to any local
address on TCP ports 135 and 80 as interesting:
Edge-Router1(config-ext-nacl)# permit tcp any 10.10.10.0 0.0.0.255 eq 135
Edge-Router1(config-ext-nacl)# permit tcp any 10.10.10.0 0.0.0.255 eq 80
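The following Python sketch is an added example, not part of the Cisco guide: it evaluates the access-list entries from Steps 1 and 2 against constructed flows, so you can check which packets each list marks as interesting before the lists are used for redirection. The client and server addresses and the ephemeral port are assumptions, and only the entry forms shown in Steps 1 and 2 are parsed.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # "any": every address bit is a don't-care

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Parse 'permit tcp <src> <dst> [eq <port>]'; <src>/<dst> are 'any' or
    '<address> <wildcard>'. Only the forms used in Steps 1 and 2 are handled."""
    tok = line.split()
    if tok[:2] != ["permit", "tcp"]:
        raise ValueError("unsupported entry: " + line)
    i, specs = 2, []
    for _ in range(2):
        if tok[i] == "any":
            specs.append(ANY)
            i += 1
        else:
            specs.append((ip_int(tok[i]), ip_int(tok[i + 1])))
            i += 2
    rest = tok[i:]
    if rest and (len(rest) != 2 or rest[0] != "eq"):
        raise ValueError("unsupported entry: " + line)
    # "eq" written after the destination compares the DESTINATION port
    return specs[0], specs[1], (int(rest[1]) if rest else None)

def addr_match(addr, spec):
    base, wildcard = spec  # wildcard bits set to 1 are ignored
    return ((ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def permits(acl_lines, src, dst, dport):
    """True if any entry matches; otherwise the implicit deny applies."""
    for s, d, port in map(parse_entry, acl_lines):
        if addr_match(src, s) and addr_match(dst, d) and port in (None, dport):
            return True
    return False

ACL_100_ALL = ["permit tcp 10.10.10.0 0.0.0.255 any"]
ACL_100_SEL = [ACL_100_ALL[0] + " eq 135", ACL_100_ALL[0] + " eq 80"]
ACL_101_ALL = ["permit tcp any 10.10.10.0 0.0.0.255"]
ACL_101_SEL = [ACL_101_ALL[0] + " eq 135", ACL_101_ALL[0] + " eq 80"]

# Constructed flow (assumed values): a branch client talking to a web server
CLIENT, SERVER, EPHEMERAL = "10.10.10.25", "192.0.2.10", 49152

def report():
    return {
        "100 selective, client->server:80": permits(ACL_100_SEL, CLIENT, SERVER, 80),
        "100 selective, client->server:443": permits(ACL_100_SEL, CLIENT, SERVER, 443),
        "101 all, server reply->client": permits(ACL_101_ALL, SERVER, CLIENT, EPHEMERAL),
        "101 selective, server reply->client": permits(ACL_101_SEL, SERVER, CLIENT, EPHEMERAL),
    }
```

With the selective form of access list 101, the reply from the server's port 80 to the client's ephemeral port is not matched, because `eq` after the destination tests the destination port. Calling `report()` shows this next to the match-everything form.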
Step 3 In the data center, use extended IP access lists to specify which traffic is of interest to the LAN interface
(ingress interface-D) on Core-Router1:
a. On Core-Router1, define an extended IP access list within the range of 100 to 199. For example,
create access list 102 on Core-Router1: