Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

161

162

163

164

165

166

167

168

169

170

1-37

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Traffic Interception

Using Policy-Based Routing Interception

Core-Router1(config)# ip access-list extended 102

b. On Core-Router1, specify which traffic is of interest to its LAN interface:

• For example, mark any IP/TCP traffic sourced from any local device (for example, traffic sourced

from any file server or application server in the data center) on any TCP port to any destination as

interesting:

Core-Router1(config-ext-nac1)# permit tcp 10.10.11.0 0.0.0.255 any

• Alternatively, you can selectively mark traffic as interesting by defining the source IP subnet,

destination IP address, and TCP port numbers. For example, selectively mark IP/TCP traffic sourced

from any local device on TCP ports 135 and 80 to any destination as interesting:

Core-Router1(config-ext-nac1)# permit tcp 10.10.11.0 0.0.0.255 any eq 135

Core-Router1(config-ext-nac1)# permit tcp 10.10.11.0 0.0.0.255 any eq 80

Step 4 In the data center, use extended IP access lists to mark traffic of interest for the WAN interface (egress

interface-F) on Core-Router1:

a. On Core-Router1, define an extended access list within the range of 100 to 199. For example, create

access list 103 on Core-Router1:

Core-Router1(config)# ip access-list extended 103

b. On Core-Router1, mark interesting traffic for the WAN interface:

• For example, mark any IP/TCP traffic destined to any local device (for example, traffic destined to

any file server or application server in the data center) as interesting:

Core-Router1(config-ext-nac1)# permit tcp any 10.10.11.0 0.0.0.255

• Alternatively, you can selectively mark traffic as interesting by defining the source IP subnet,

destination IP address, and TCP port numbers. For example, mark IP/TCP traffic on ports 135 and

80 to any local source addresses as interesting:

Core-Router1(config-ext-nac1)# permit tcp any 10.10.11.0 0.0.0.255 eq 135

Core-Router1(config-ext-nac1)# permit tcp any 10.10.11.0 0.0.0.255 eq 80

Step 5 In the branch office, define PBR route maps on Edge-Router1:

a. Define a route map for the LAN interface (ingress interface). In the following example, the

WAAS-EDGE-LAN route map is created:

Edge-Router1(config)# route-map WAAS-EDGE-LAN permit

b. Define a route map for the WAN interface (egress interface).

In the following example, the WAAS-EDGE-WAN route map is created:

Edge-Router1(config)# route-map WAAS-EDGE-WAN permit

c. Specify the match criteria.

Use the match command to specify the extended IP access list that Edge-Router1 should use to

determine which traffic is of interest to its WAN interface. If you do not specify a match command,

the route map applies to all packets.

In the following example, Edge-Router1 is configured to use the access list 101 as the criteria for

determining which traffic is of interest to its WAN interface:

Edge-Router1(config-route-map)# match ip address 101