Troubleshooting guide

1-14
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Planning Your WAAS Network
Identifying and Resolving Interoperability Issues
WAAS Support of the Cisco IOS Provisioning, Monitoring, and Management
The Cisco IOS AutoQoS feature is supported by the WAAS software but requires additional
configuration. This feature is closely connected with NBAR support because the AutoQoS feature uses
NBAR to discover the various flows on the network. However, the Cisco IOS AutoQoS feature is
strictly an outbound feature (for example, it cannot be enabled on the inbound side of an interface),
which creates a potential problem because enabling NBAR on the outbound interface is not
supported.
To avoid this potential problem, enable the trust option of the AutoQoS feature on the following
interfaces so that classification and queuing are performed based on the marked value (with this
solution, NBAR is not enabled on the outbound interface):
• On the LAN interface on which the input policy is created and on which the marking of the packets
  should be performed according to the AutoQoS marking (for example, interactive video marked to
  af41).
• On the WAN outbound interface.
WAAS and Management Instrumentation
When using management instrumentation with the WAAS software, note the following:
• When deployed in native (transparent) mode, WAAS maintains packet header information vital to
  technologies such as NetFlow. NetFlow can be configured on adjacent devices and exports flow
  record information in accordance with where NetFlow is configured in relation to the WAAS device.
  For NetFlow configurations on the LAN side of a WAAS device, NetFlow exports records
  containing information about original flows. For NetFlow configurations on the WAN side of a
  WAAS device, NetFlow exports records containing information about optimized and pass-through
  flows.
• You may see statistics on optimized and unoptimized traffic.
• IP Service Level Agreements (SLAs) are supported.
• Full support of policies based on Layer 3 and Layer 4 is provided. Policies based on Layer 7 are
  partially supported because the first few messages are unoptimized.
• Intrusion Detection System (IDS) is partially supported. The first few messages are unoptimized to
  allow IDS to detect the intrusive strings.
• Cisco IOS security is partially supported with the exception of features that rely on Layer 5 and
  above visibility.
• IPsec and SSL VPN are supported.
• Access control lists (ACLs) are supported. IP ACLs on the router take precedence over ACLs that
  are defined on the WAE. For more information, see the “Access Lists on Routers and WAEs” section
  on page 1-25.
• VPN is supported if the VPN is deployed after WCCP interception occurs.
Note: A WAAS device does not encrypt WAN traffic. If you require additional security measures,
you should use a VPN. However, the VPN appliances must encrypt and decrypt traffic after
and before the WAAS devices so that the WAAS device only sees unencrypted traffic. The
WAAS device is unable to compress encrypted traffic and provides only limited TCP
optimization to it.
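
The placement rule in the note above can be checked numerically. The following is an added example, not part of the Cisco guide: it compares the bytes sent on the WAN when encryption happens after the optimizer with the bytes sent when encryption happens before it. Assumptions: zlib stands in for WAAS compression, a SHA-256 keystream XOR stands in for the VPN appliance, and the payload and key are constructed samples.

```python
import hashlib
import zlib

KEY = b"constructed-demo-key"  # assumption: sample key, not a real VPN secret
# Constructed sample: repetitive application traffic as seen on the LAN side.
PAYLOAD = b"GET /reports/q3.csv HTTP/1.1\r\nHost: files.example.test\r\n\r\n" * 200


def vpn_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the VPN appliance: XOR with a SHA-256 counter keystream.

    Illustration only (not IPsec); applying it twice restores the input.
    """
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def waas_compress(data: bytes) -> bytes:
    """Stand-in for WAAS compression (zlib is an assumption of this sketch)."""
    return zlib.compress(data, 6)


def wan_bytes(payload: bytes, key: bytes, vpn_after_waas: bool) -> int:
    """Bytes placed on the WAN for one direction of a flow."""
    if vpn_after_waas:
        # LAN -> WAAS compresses cleartext -> VPN encrypts -> WAN
        return len(vpn_encrypt(key, waas_compress(payload)))
    # LAN -> VPN encrypts -> WAAS sees only ciphertext -> WAN
    return len(waas_compress(vpn_encrypt(key, payload)))


def report(payload: bytes = PAYLOAD, key: bytes = KEY) -> dict:
    """Compare both placements against the original payload size."""
    return {
        "original": len(payload),
        "vpn_after_waas": wan_bytes(payload, key, True),
        "vpn_before_waas": wan_bytes(payload, key, False),
    }


if __name__ == "__main__":
    for name, size in report().items():
        print(f"{name:16} {size:6d} bytes")
```

With the VPN on the WAN side of the optimizer the traffic is still encrypted on the WAN but shrinks substantially; with the order reversed the ciphertext does not compress at all.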