Cisco Application :: ACE-20 Module In Bridged Mode With Client NAT
Apr 15, 2012
Whatever a NAT is supported for ACE-20 module? I do need to convert working CSM(SLB) config to ACE configuration and I am not quite sure if the configuration below is correct. ACE module should be configured in bridge mode with two vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36. NAT on ACE configurad as "nat dynamic 1025 vlan 436" into corresponding "policy-map type loadbalance". Check two parts of configs and if the ACE config is properly converted from CSM and will be working in the same way (especialy for NAT). [code]
I am desiging a topology with two Cat 6509 and Two ACE Module, one ACE per Catalyst. I am thinking to use bridge mode for the customer contexts, I would like to know if the Bridged mode is an Assymetric topology.
The server gateway is the ip address of the ACE or the Router?
We have a 6509 with an ACE module. For reasons I don't fully understand the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.
I can ping all of the IPs on the BVI, but only servers in Subnet 10.7.42/42 can ping out of the the layer 3 on the 6509. I have all the routes configured properly on the 6509 pointing to the ACE for these subnets. The question is though the config has been excepted, is there a limit to the number of secondary on a BVI.
I am trying to get documentation on how to integrate an ACE30 module in a service chassis design integrated with the Nexus 7000 in routed mode. Only documentation I could find shows this design with the ACE30 module in a one arm mode. Any documentation that shows this implementation of this design?
I'm a Cisco newbie and I'm in the following situation:
1>The router (867) must connect to my ISP in 1483 bridged (2684 bridged) mode, LLC, VPI/VCI 0/35 2>WAN IP will be assigned by ISP (DHCP) 3>No username and password required to establish the connection 4>MAC-Cloning is advised, not required 5>Firewall behind 867, WAN IP should be assigned to WAN interface firewall, connection established by 867 6>867 router will be used as a switch, so no NAT required. NAT will be setup on the firewall 7>Connection type: Analog (annex A)
The required setup can be fixed by configuring the 867 in half-bridged mode, but I don't no how and I don't know exactly how to config the 867 in bridged mode.
First, it's even hard to setup a good bridged config.
version 15.1no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice sequence-numbers!hostname router1!boot-start-markerboot-end-marker!logging buffered 51200logging console criticalenable secret 5 ****!no aaa new-modelmemory-size iomem 10clock timezone GMT 1clock summer-time GMT date Mar 30 2010 1:00 Oct 26 2035 1:59!!no ip source-route!ip cefno ip bootp serverno ip domain lookupip domain name domain.local!!!!username admin privilege 15 secret 5 ***!!ip tcp synwait-time 10ip ssh time-out 60ip ssh authentication-retries 2!!!!!!!interface ATM0 no ip address no atm ilmi-keepalive!interface ATM0.1 point-to-point pvc
I would like to convert my cable modem Cisco epc3825 (bridge only), and thus can not function as a router. Before if I could, but my Internet Service provider has updated the firmware epc3825 and I can not pass it on to cable modem (bridge only).
I'm trying to connect my WAG160N as a ADSL modem (disable the router function) and connect a real router (RVS4000)So, i put my WAG160N on birdged mode only, disable the DHCP on my RVS4000, i did configure my PPPOE access (user and password), change the IP adress 192.168.0.2.configure the DHCP and try to connect. i tryed to connect the RVS4000 and the WAG160N either with cross cable or a direct cable. I can get access to the RVS4000 192.168.0.2 and get access to the configuration menu but cannot get access to my WAG160N 192.168.0.1 even a simple ping.when i try to test the connection on my RVS4000 (status) it seems that my connection is up but i cannot get access to internet.
My Encapsulation router WAG54G2 switch RFC 2516 PPPoE to Bridged mode only everyday and all configuration that i made will reset and also Application & Gaming button error when i click.I'v reset to factory default and upgrade the firmwire to the latest one but it not work also I replace the device but nothing changed.The problem will solve if I cut the powir off and restarted agein.
I put the ea4500 on Bridged mode, and now I cant connect!I know I have to put the new ip address, and when I do I choose direct conect, it ask me for a password, I put the password, I click to connect, and then it just sits there in waiting....
Using Cisco 1811W with IOS 15.1(4)M5. FE0 and FE1 are connected to the internet via Billion ADSL2+ modems operating in bridged mode. Both lines are similar so I'll only discuss FE0 from this point on.Local subnet is 192.168.128.0/24 with router on 192.168.128.1 as default gateway. Modem on FE0 has static LAN IP of 192.168.128.2 and when plugged into the switch on the LAN side, the web interface can be accessed at that IP address. Unplug the modem from the switch and plug it into FE0 and it now works as desired providing access from the router to the internet but the web interface is no longer accessable at 192.168.128.2
I tried adding a static route "ip route 192.168.128.2 255.255.255.255 FastEthernet 0" and also "ip route 192.168.128.2 255.255.255.255 Dialer 1" Neither worked and presumably it isn't that straight forward. Possibly NAT or other routing configuration required.Although there isn't much to configure when in bridged mode, I mostly want this setup so I can look at the ADSL connection status and for the modem to write messages to syslog (works when plugged into switch on LAN side), or SNMP access.
I'm trying to connect my WAG160N as a ADSL modem (disable the router function) and connect a real router (RVS4000) So, i put my WAG160N on birdged mode only, disable the DHCP on my RVS4000, i did configure my PPPOE access (user and password), change the IP adress 192.168.0.2 configure the DHCP ... and connect ... no way !
i tryed to connect either with cross cable or a direct cable ... same result. I can get access to the RVS4000 192.168.0.2 bit cannot get acess to my WAG160N 192.168.0.1 (strange ... don't have explanation for that) even a simple ping !
when i try to test the connection on my RVS4000 ... it seems that my connection is up .
I'm trying to use my WAG120N router as a modem only/Bridged Mode and I've managed to enter all my settings needed on the WAG120N which is the Encapsulation to Bridged Mode Only, QoS to UBR, Type Of Connection to LLC, VPI and VCI to 0 and 35, DSL Modulation to Multi mode.On the EA4500's end I've entered my Usrname and password in the Internet settings and configured for PPPoE.
I have a WAG54G2 working fine for more than 2 years now. It has the initial firmware version 1.00.10
Recently I mode it from my home to my store, where I have a already working CCTV setup. Initially the router did not work, but once the service provider removed the mac-id binding (with my previous ADSL2+ router) the WAG54G2 was connecting on DSL. However it never got a DNS value. Currently I am using it with a fixed DNS.
After a few days of working I noticed that my remote viewing for the CCTV was not working. On checking the router settings I saw that the router had defaulted to no settings at all. Changing it back to PPPoE did not work since the page would not render completely. Resetting to Factory settings also did not work. However simply switching off the router and restarting it worked. I let it go then. The same thing happened again within a day or two. Each time restarted the router seemed to solve the problem, however temporarily.
I have the SPI firewall enabled also I have application port forwarding set for HTML port 80 forwarding to say port 1234.
EA4500 in bridged mode and I can log in the the CCC account but nothing appears on the screen. I was able to see the settings, etc with the previious firmware. I reset the router and tried different browsers, PC, etc. Now running Ver.184.108.40.206146.
I'm runing an ea3500 in bridged mode, classic configuration, firmware 1.0.30 build 126544. I got ftp working for my usb attached wv delements drive , but it is totally invisible in windows (except for ftp of course).I read in an older post that the usb drive in certain situations does not work (independent of disk manufacturer/type and such) and for certain configurations the ftp option might work but the windows mapped network drive doesn't , does that still apply? does it apply to bridged mode ?
I recently installed the license ACE-SSL-05K-K9 on ACE10 with multicontext solution.The license provides 5000 Maximum number of SSL transactions per second (TPS).The customer would like to track this to find out the correct size and in the case of services https upgrade licenses.Can I do it so through particular output or it's necessary monitoring with snmp service? In the second case, can you tell me the oid string to use?
In case the module should receive a higher number of connections to that provided by the license, what's the issue for new https connections?
We are using a Ace module running version 3.0?We do have a service which can now be reached by a url like https://www.xxx.com/yyy/ < notice the last /This is running via the Ace which terminates SSL and so on..
So now our client wants an url like https://www.yyy.com . The backend realservers and place of virtual dirs on IIS stays the same.
So now /yyy/ needs to be added to the backend realserver request, so the correct virtual dir is used. Therfore I need to add this Uri towards the realserver.
I Just deployed some of these new modules and running A4.x code. How to configure an ACE with the maximum context?
We run in tranparrent mode with 110 Contexts, we found that with a base config for each context(80 lines of code) this would only leave us with 7% of available RAM. The Device begins to shut down services @ 5%. like SSH and others.
So, Is this even possible to configure 250 contexts and still manage the device.
if the 7600-SIP-200 supported in VSS mode or not ?
I have configured to Cisco Catalyst 6513 as VSS, both of them have the 7600-SIP-200 module, before converting them to VSS I was able to work with the 7600-SIP-200 module, but after I did convert them to VSS, both modules didn't work.
here is the show module output, after VSS conversion:
VSS1#show module Mod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 0 4-subslot SPA Interface Processor-200 7600-SIP-200 JAE14500GMT 7 5 Supervisor Engine 720 10GE
I am currently stuck to setup an automated configuration backup for ACE Blades. I found a script to backup the ACE from the Cisco ANM box but unfortunately I am not very familiar with Linux. (script) in place, to "pull" the ACE config from a Microsoft system ?
I have an ACE20-MOD-K9 with version A2_3_6a, and i am having problems in cookie persistency. the setup contains 4 servers using round-robin algorithm and cookie persistency and that receive http traffic on port 9090. I have been receiving complains that the users are getting disconnected randomly while accessing the web application through ACE. Below is part of the config, when setting the timeout of the cookie to default or something equal to hours, the disconnection/complains gets worse.
I wanted to find out how many times can I apply a healthcheck in a single context. I have 50 farms that are using the same port and instead of creating 50 different healthchecks, I want to just create 1 healthcheck for the 50 farms and apply it to each farm. I also need to know if the same limitations (whatever they may be) is the same for the 4710, ACE20 and ACE30.
we use ACE30 module, ver. A4(1.0) for access to intranet application. The https connection from client is terminated on ACE module, LB algorithm is used and new SSL connection is initiated to the server. Standard operation works without problems.
But when user generates a .xls od .pdf report in the application, it should open in a new popup window. Problem is, that it does not (but on the server, the report is generated and stored). The PC and browser are configured fine, when accessing the application from the same PC directly (bypassing the ACE module), the popup window appears.
i have configure new ACE 30 module on top of 6500 core switch , the issues am facing whenver i want to access to https://ACE_IP and after i enter the user name and the password , it's forwared me to the follwoing page: is there anything should i configure to avoid this page ?
I have an ACE10-6500-K9 (Application Control Engine service module for Catalyst 6500) but I can't access it because I lost the admin password.I would like to know how to perform a Password Recovery Procedure on this device.Is it similar to the password recovery procedure on an ACE 4700 appliance?
Does ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00