I'm configuring ACE to enable the XML-HTTPS interface so I can import it into ANM, when I try to do a "match protocol xml-https any", I get a invalid command detected. When I tab at the match protocol command, I don't see xml-https listed (http, https, icmp, etc. is listed).
View 2 RepliesAny issues with IOS 12.4(16) through 12.4(25f) with HTTP/HTTPS protocols running on a 3825 router? I have a remote site that accesses a corporate application over an MPLS, sometimes it works fine, other times it will hang for hours. No errors on circuits, interfaces, ethernet interfaces, etc. Response times are averaging 50ms even when the application freezes. The only thing I can think of is that it could be an issue with the IOS version.
View 13 Replies View RelatedIf you are using load balancing how do you bind i.e. all HTTPS traffic to i.e. wan1. RV042G V2 you can inter 0.0.0.0~0.0.0.0 as Source IP to forward from all IPs, how do you do that with a V3?
View 2 Replies View RelatedCan we enable ssh on 3500 /3600 APs along with use radius for login authentication? idea here is to that ssh will provide another method to access the AP for troubleshooting purposes.I know with autonomous mode APs this should not be an issue but not sure with lightweight APs.
View 2 Replies View RelatedMy TCOM guys say they do not see the ACE as a CDP neighbor on their switches. Is CDP enabled by default? I cannot find any documentation that suggests this is configuration (like on the Cisco CSS - where it can be enabled, but cannot see its' CDP neighbors).
BTW - The ACE 4710 Appliance documentation uses CDP as acronym for Certificate Revocation List Discovery Point (for SSL CRL's).
i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)
I am new to the ACE30. I a basic configuration from the CLI and I am trying to use the device manger. I am able to get to the web informational page rather then accessing the login page. I have rest the password for both the admin and www and still no go. my question is how to go into enabling the GUI access.
View 1 Replies View RelatedFor a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?
I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.
View 4 Replies View RelatedI have upgraded gss to version 3.2(0) because I need to track a server that uses only https.I configured a https head KA VIP answer type but the answer never goes on-line.I tried using url... as the VIP address but not go online too.The gss is behind a firewall.I suspected of the firewall but from the gss CLI it seems that the firewall is open for the https traffic: [code]
View 1 Replies View RelatedHow to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
View 7 Replies View RelatedAny benefit to enable https with in the gui instead of using the default http?
View 1 Replies View RelatedI have a ace board(Acsm) in my switch 6509.I need provide access for clients over https, my scenario looks like this post [URL] .But, i have only one interface, and need to configure nat for inbound clients, to access the server with ip address of the interface vlan of my ace(if i set ace gateway in a rserver, the ssl termination works). The Topology is: Client(https) -> Ace(Https) -> Ace(http) -> rserver (http). Need to configuring this nat? I need that external clients arrive at the server with the ip of the same network as him, he did not right back the packet to the default gateway, but the origin of the same network as him, so that the communication function successfully, end order.
View 1 Replies View RelatedHave two ACE 4710 in HA setup. We would like to setup HTTPS loadbalance(actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later. I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?
View 6 Replies View RelatedI am trying to configure ACE 4710 to load balance base on the URL, If it matches the specific URL ( /456/ ), the traffic will be sent to server farm 456 else the traffic will be sent to server farm 123.
I attached an image of the topology.
Ace Config:
rserver host SRV01_123
ip address 192.168.1.101
inservice
[Code].....
default inactivity connection time out for A3(1.0) So by defult any tcp connection(http or https) will be timed out in an hour. [code]Was this change in the A4(2.0) code or is it still the same? I heard a TAC engg say that default inactivity timeout for http and https are now 5 mins that is 300 seconds.
View 3 Replies View RelatedI am configuring a GSS to check an Web server that responds to https requests.I put 443 as the port but I don´t see replies from the server and the Answer Status is always offline.Other servers using http on port 80 are showing OK.The appliance is a GSS-4492-k9 Version 3.1(0).
View 2 Replies View RelatedI have a physical server running behind the ACE module ACE20-MOD-K9. The Server has several virtual machines. One of that virtual machines, has a WEB SERVER running virtual https servers. For example, server with IP address 10.0.0.20/24, has serveral virtual HTTPs servers as of urll... So, if you nslookup the servers, they all respond with 10.0.0.20 IP address. So if I do url...goes to 10.0.0.20 and read the VIRTUAL SERVER config and replies back to the request.Now, I am trying to verify that the TCP connection (443) and the HTTPS server itself is up and running but only for the url... site and not for the other 2.The problem that I am facing is tha the HTTPS probe fails randomly. The TCP probe works fine.
View 1 Replies View RelatedI have been tasked to provide SSL(HTTPS) access to a server farm that will be accessible from the internet. Is this the correct guide to follow?
[URL]
I am assuming I will need to purchase a certificate to import into the load-balance r as well.
Having issues with HTTPS sites being very slow after applying KB2585542? Once you remove this Microsoft patch everything returns to normal. It appears that the CSS does not handle the split-ssl requests properly. I have opened a TAC case but am not really getting anywhere as we seem to be the only company that is having this issue.
View 2 Replies View Relatedi have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
[URL]
i am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
I’m looking for some notes from the field guidance here from those that have much more deployment experience.
I have a GSS and an ACE, and its the ACE that's primarily giving me something to think about, in terms of placement and what mode to adopt.
The traffic flow will look loosely like this:-
Client---Internet---Firewall---GSS---ACE---Servers
Physically, it's like this. The RED line denotes a boundary, and pretty much anything North of that is not accessible to us, we simply have a L3 trunk between our switches and "their" switches (S3/S4) and talk using EIGRP.
There are other servers in the top tier, some that also require load balancing, some that don’t. Typically, I want to load balance HTTPS requests from the internet, to one of the 3 servers in the top half.
I’m not sure what mode to select, routed, one arm? What about placement of the ACE? At the moment, I’ve just configured 1/1 on it and made it part of the MG MT VLAN, it's S VI exists on the S1/S2 switches, so I’m open to change as it's still all in the lab.
i need to enable snmp on Cisco CSS 11501.
View 1 Replies View RelatedI had meeting with security auditor for a customer, he told me that i need to enable SSL3 on content switch as his scanning found that all network is working on SSL2.I could not understand his view and then when i found the content switch documentation, it is mentioned that SSL3 is default enable on content switch."By default, the SSL version is SSL version 3 and TLS version 1. The SSL module sends a ClientHello that has an SSL version 3 header with the ClientHello message set to TLS version 1." Do i have to do some kind of configuration to enable SSL3 or its enable by default ?
View 3 Replies View RelatedJust upgraded our WCS server to the 7.x code over the weekend. Turned up the first 3500 series AP's today. The AP's have been up for about an hour. I am seeing the Air Quality graphs on WCS. On the Worst 802.11a/n and 802.11b/g/n Interferers windows, I am see a WCS System Error Page message but only in those windows. I have gone over the documentation and dont see that I need to enable anything else on WCS.
View 10 Replies View RelatedWe are planning to implement Aironet 3500, Do we need to have controller to install it or can we install as standlone AP.
View 1 Replies View RelatedHas any tried using a 3500 CleanAir AP as a site survey tool? Could you set it up in multiple locations temporarily and gather interference data and analize through WCS? This would use the 3500 AP like you would the Spectrum Expert product.
View 7 Replies View RelatedI'm trying to find if the 3500 AP will contains an 802.1X supplicant, so the AP can be identified and authorized by an ACS when it is connected to a secure access switch.I can find plenty of info on WPA2 & 802.1X for the wireless clients, but I'm struggling to find anything on 802.1X for the AP itself.
View 1 Replies View Relatedwe demo'd a 3500 with CleanAir before working with Cisco and purchasing a first batch. The demo worked as expected, just plugged it in and it went to town serving clients and reporting on it's channel in local mode, no problem. My first batch I have two AP's, 3502i's to be exact, plugged in and running on my 5508 with 7.0.98.0 code and and NCS Demo. The AP is up and serving in local mode, however NCS says CleanAir Management Operation StateDown
I took a look at the WLC and it says:
CleanAir
Oper
Status DOWN
So, why.. and where do I put it UP.BTW, this AP is connected to a 3750x stack, shouldn't be an issue there...
For a Campus setup (University), if I deploy 1142 AP's on all the floors with a WLC controlling them, and put one 3500 AP on each floor, will that give sufficient Clean Air support with automatic Rogue elimination? What about if an AP drops, does the WLC automatically try to cover that area with neighboring AP's? I know the old WLSE would be able to do that, but not sure if the WLC can do that by itself. What part of Self Healing can the WLC do with Clean Air, or is a WCS a must have in order to automatically Defend and self heal? Also is the MSE needed for this if a WCS is used? What does the MSE do that the WLC and WCS can't?
View 4 Replies View RelatedEverytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface Download-status
--------------------------------------------------------------
187 In Progress
199 Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].
We have a Sonicwall NSA 3500. We have a seperate interface for LAN and WLAN. The WLAN is set up on a Sonicpoint. Right now, the LAN gives out 10.10.99.x addresses, the WLAN gives out 10.10.100.x addresses. What is the best way to get these two interfaces to give out addresses on the same scheme, ie both LAN and WLAN giving out 10.10.99.x addresses?
View 1 Replies View RelatedI am trying to config my wireless lan controller (WLC) 2106 to discover my new 3500 access points.I followed the example Cisco configuration doc.69719.I am using a Cisco 3760 switch to interconnect the AP and WLC.I set up DHCP in the switch. [code]
View 6 Replies View Related