Troubleshooting guide
1-28
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Network Settings
Configuring Directed Mode
Configuring Directed Mode
By default, WAAS transparently sets up new TCP connections to peer WAEs, which can cause firewall
traversal issues when a WAAS device tries to optimize the traffic. If a WAE device is behind a firewall
that prevents traffic optimization, you can use the directed mode of communicating to a peer WAE. In
directed mode, all TCP traffic that is sent to a peer WAE is encapsulated in UDP, which allows a firewall
to either bypass the traffic or inspect the traffic (by adding a UDP inspection rule).
Any firewall between two WAE peers must be configured to pass UDP traffic on port 4050, or whatever
custom port is configured for directed mode if a port other than the default is used. Additionally, because
the WAAS automatic discovery process uses TCP options before directed mode begins sending UDP
traffic, the firewall must be configured to pass the TCP options. Cisco firewalls can be configured to
allow TCP options by using the ip inspect waas command (for Cisco IOS Release 12.4(11)T2 and later
releases) or the inspect waas command (for FWSM 3.2(1) and later releases and PIX 7.2(3) and later
releases).
After directed mode is activated, the WAE transparently intercepts only packets coming from the LAN,
while WAN packets are directly routed between the WAEs using UDP.
Directed mode operates with all configurable methods of traffic interception. Directed mode requires
that you configure the WAAS devices (or inline interfaces) with routable, non-NATed IP addresses.
When using directed mode with inline mode, you must configure the inline group with routable IP
addresses on its interfaces or traffic is black holed.
If a WAE at either end of a peer WAE connection specifies directed mode, and both WAEs support
directed mode, then both WAEs use directed mode, even if one is not explicitly configured for directed
mode. If a peer WAE does not support directed mode, then the peers pass through traffic unoptimized
and each WAE creates a transaction log entry that notes the failed directed mode attempt.
You can invoke directed mode operation in the following ways:
• Directed mode can be explicitly activated in the WAAS Central Manager or by CLI.
• Directed mode can be automatically invoked when a peer WAE requests that directed mode be used.
To activate directed mode, follow these steps:
Step 1 From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups >
device-group-name).
Step 2 Choose Configure > Network > Directed Mode. The Directed Mode Settings window appears.
Step 3 Check the Enable directed mode check box to activate directed mode.
Step 4 In the UDP Port field, enter a port number to configure a custom UDP port for directed mode. The default
is port 4050.
Step 5 Click Submit to save the settings.
To configure directed mode from the CLI, use the directed-mode global configuration command.