
Unable to add Cisco ISR to WAAS Central Manager

If you are trying to add an ISR to the WAAS CM and the process fails with no error (and it detects as WAAS Express), then I may have found the solution. Use the CLI. I know, it seems obvious in hindsight that the CLI works where the GUI fails. The issue for me was actually finding the CLI process in the documentation.

Well, here’s the link to the documentation: http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v611/configuration/guide/cnfg/other.html#pgfId-1070077

The short version is you need to do the following:

  1. Create a user with privilege level 15 
    1. For a local account – from config#: username user privilege 15 password 0 password
  2. Export WAAS vCM cert
    1. From exec: show crypto certificate-detail admin
    2. Copy the cert (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines)
  3. Import the certificate into the router
    1. From config#:
      1. crypto pki trustpoint wcm
      2. enroll terminal pem
      3. exit
      4. crypto pki authenticate wcm
      5. Paste the certificate, and then enter a blank line to complete
      6. Accept the certificate
  4. Create a router certificate
    1. From config#:
      1. crypto pki trustpoint local
      2. enrollment selfsigned
      3. subject-alt-name RouterFQDN
      4. exit
      5. crypto pki enroll local
        1. Answer the questions as prompted
        2. Serial number: Yes
        3. IP address: Yes
        4. Enter IP: IP_address
        5. Generate certificate: Yes
  5. Enable the web server and set authentication
    1. From config#:
      1. ip http secure-server
      2. ip http authentication local
  6. Enable SSH V2
    1. From config#: ip ssh version 2
  7. Register with vCM
    1. From exec: appnav cm-register https://vCMIP:8443/wcm/register

Unfortunately, there’s no output to the command, so you have to go to the Central Manager to see if it worked. If it didn’t, here are a few things to look at:

  1. Make sure the two devices can ping each other
  2. Verify that NTP is configured on both devices
  3. Verify that the AppX license is installed and activated on the router
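
For steps 2 and 3 above, a check you can run on a workstation before accepting the certificate on the router. This is an added example, not part of the original post or Cisco's tooling. It assumes the router displays MD5 and SHA1 fingerprints when you run crypto pki authenticate; the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def extract_der(cli_text):
    """Return the DER bytes of the one PEM certificate in copied CLI output."""
    blocks = PEM_RE.findall(cli_text)
    if len(blocks) != 1:
        # Usual cause: a web page or editor turned the five hyphens into
        # typographic dashes, or the copy stopped short of the END line.
        raise ValueError(f"expected one PEM certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())
    return base64.b64decode(body, validate=True)  # raises on stray characters

def fingerprints(der):
    """Digests over the DER encoding, as upper-case hex without separators."""
    return {
        "MD5": hashlib.md5(der, usedforsecurity=False).hexdigest().upper(),
        "SHA1": hashlib.sha1(der, usedforsecurity=False).hexdigest().upper(),
    }

def normalise(shown):
    """Drop spaces, colons and case so any display grouping compares equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", shown).upper()

def matches_router_prompt(cli_text, shown_fingerprint):
    """True if the fingerprint shown on the router belongs to the copied cert."""
    return normalise(shown_fingerprint) in fingerprints(extract_der(cli_text)).values()

# Constructed sample: stand-in bytes, not a real certificate.
SAMPLE_DER = bytes(range(96))
SAMPLE_CLI = (
    "vcm# show crypto certificate-detail admin\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for name, value in fingerprints(extract_der(SAMPLE_CLI)).items():
        print(name, value)
```

Pass only the hex digits of the fingerprint to matches_router_prompt, not the label in front of them, and accept the certificate on the router only if it returns True.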