Cisco Application :: ACE 4710 (1) SSL Certificate Import ( 2 ) With Load Balancing?
Dec 3, 2012
I am performing a deployment, in which i require clarity on the following. Our setup has DC and DR , in each site we have two devices for HA.We have received One SSL Certificate from Public CA, Kindly clarify the following doubts i have on thisIn Doc, i found Cert.pem and key.pem is required to generate the pair ,do i receive both Cert.pem and key.pem from the CA or we can generate key.pem from Cert.pem ?SSL Offloading is planned for the X application, and it is running in both DC and DR ( Considering each having their own Public IP address ) , do i need to have two different public certificates or a single certificate can i use in both DC and DR.Load Balancing IssueIs it possible to configure in ACE to access the service in Business hours and in non Business hours to display HTML page showing this is available only during these hours ?In DC we have Three Web Servers ( only in One physical server the service is active, other two are backup ), and these three servers are under cluster and shares one cluster IP , In ACE we have created the VIP and Pointed to only Cluster IP ( like pass through only ). The issue we face is if active web server is down, even then ACE is sending the traffic to that webserver only instead of sending it to the new Active web server. let us know if any solution is there to overcome this issue ?as per my understanding instead of giving cluster IP as real server IP we can issue the three physical servers. now i dont require load balancing between three servers instead require failover king like if first server is down then it should forward to Second server ?
View 4 Replies
ADVERTISEMENT
Nov 8, 2011
SIP Load balancing Issue with ACE 4710?I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
[code].....
View 6 Replies
View Related
Jul 7, 2012
We have two Cisco ACE 4710 and we want to install both of the devices in HA with load balancing mode.While i have done HA mode configuration between ACE 4710.But unable to configure load balancing configuration between them.i want to tell you connectivity between server,client & loadbalancer.Our Web servers are connected to VLAN 152 on the L3 (3750) switch.Which are alreday working in redundancy between other L3.And ACE 4710 it is also connected to vlan 150 which are connected to same L3 (3750) switches and users are also connected to vlan 6 on the same L3 itself.
View 2 Replies
View Related
Sep 18, 2012
I'm configuring ACE 4710's for the first time and I want to load balance my Nuance speech servers on port 554. Here's my configuration on ACE01:
[code].....
View 23 Replies
View Related
Mar 14, 2013
I am currently experiencing a problem while trying to import multiple 4710 ACE Appliances into ANM. ANM version is 5.2 and ACE 4710 Appliances version is 5.1.2. The error message is the same for all Appliances (currently 14, more to be deployed this year, another 12 this year). The management class, policy-map and service policy are all in place.
View 1 Replies
View Related
Dec 8, 2011
I am tasked to Configure an ACE 4700 for SLB. This has been done and working. Am also further tasked to create a secure communication between tha ACE and Exchange server. I need the breakdown of steps required to Import certificate from the exchange server, and how to verify that things are working.
View 3 Replies
View Related
May 23, 2011
I have 2 rservers 10.30.1.73, 10.30.1.76,I have 3 URLs in both
[URL]
I want to have only one link for two same link in both servers with this ip address 10.30.1.172 so I will have 3 link and will load balance to 6 links
[URL]
View 4 Replies
View Related
Dec 5, 2011
Does loadbalancing ldap services in ACE? Both port 389 and 636.
View 4 Replies
View Related
Apr 26, 2011
I have a problem with the ACE 20 load balance
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20. When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to [URL], whenever we click on this link, the request is directed to [URL] i.e homepage
2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open [URL] it forwards the requests to [URL] opendocument....., but this redirection fails and again the request is thrown to homepage i.e., [URL]
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
Below is the ACE details.
Hardware Product Number: ACE20-MOD-K9 Card Index: 207 Hardware Rev: 2.3 Feature Bits: 0000 0002 Slot No. : 7 Type: ACE
Software loader: Version 12.2[120] system: Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/auto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4] system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin installed license: ACE-SEC-LIC-K9
View 3 Replies
View Related
Oct 26, 2011
I'm running an ACE 4700 appliance, i have a 4 server serverfarm setup, non-ssl, with leastconns predictor...i have tried round robin as well, and nothing...
I've taken each rserver out of service, and placed back in, and still, the traffic is handed off only to 1 server...
I do have sticky persistence (IP subnet)...
View 8 Replies
View Related
Nov 25, 2009
I have an environment with SSL termination and client authentication with a client certificate. Now, the backend server application needs to be informed of the client DN information present in the presented client certificate. Is it possible to tell the ACE to send specific client certificate fields to the backen server via insertion of an HTTP header or, to forward the entire client certificate in any way to the backend server ?
View 2 Replies
View Related
Nov 16, 2011
My customer has SSL certificate already installed on microsoft exchnage 2010 servers and now wanted to import that certificate to cisco ACE4710.
How to trace the exact procedure to import the SSL Cert to ACE from microsoft exchange server and how about the KEY, from where I should get the KEY to cross verify for SSL Cert?
View 2 Replies
View Related
Sep 15, 2011
We have a pair of CSS 11501,Currently it is using source ip for load balancing and 5 servers as backend , however we have users loggin in using http and based on its source IP (ISP PROXY) , it is forwarded to SERVER A.However, we have a SSL page and when the client switches over to SSL , it is forwarded to SERVER B/C/D/E based on its source IP ( REAL CLIENT IP) .This will cause the user to be terminated as the 5 servers are independent and not running in a cluster.
Is there any way that we can use the X-Forwarded-For address to load balance so that when users loging , they are sent to SERVER A (Based on X-Forwarded-For Header IP which translate to REAL CLIENT IP).This way we are able to also send it back to the same server when it uses SSL.I believe that we should be able to load balance using X-Forwarded-For IP or to rewrite the X-Forwarded-For IP into client source IP.
View 3 Replies
View Related
Apr 10, 2013
is there a possibility to get a load balancing across two rservers so: when client sends http://vip/ and it goes to rserver1 then url is sent without change when client sends http://vip/ and it goes to rserver2 then url is modified to http://vip/xyz/
Or maybe load balancing can be done across two serverfarms ?
View 3 Replies
View Related
Sep 23, 2012
We are in the situation we have a active configuration with ACE30 doing normal load balancing in routed mode, we have tons of rservers going out on a VIP.we now had to add a new private network to a provider that strangely enough does not want to see our public or private addresses. we need to loadbalance towards him on a priovided subnet (still rfc1918) (IOS VRF bug? is that correct?)I have two options, add the network (new interface) to the active loadbalancers (contexts) and then tie in new policies to the active serverfarms or make a new context just to load balance towards this provider.(preferred)Now - If I do this, the rservers see the client source addresses from this new provider. as the loadbalancer does not "hide" the client IP's. I would then have to add static routers toward the new context - I would want to skip that.
is there a way, to make the loadbalancer hide the client addresses towards the rservers ? perhaps I'm just needing the correct search term to find the config example.
View 1 Replies
View Related
Mar 25, 2012
I am receiving this error while the device is booting up :
kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_1.bin ro root=LABEL=/ auto console=ttyS0,9
600n8 quiet bigphysarea=32768 [Linux-bzImage, setup=0x1400, size=0xe719b73]
View 1 Replies
View Related
Aug 13, 2012
Experienced the same sort of behaviour with an ACE 4710 version A3 (2.5). When trying to connect to a webpage on port 443, the pages over 1 minute to download fully. I have timed the download using the plug-in firefox. What is strange is that the browser successfully makes the connection, 200OK etc, but each 'get' takes a very long time to transfer. If I go directly to the server and don't pass via the ACE the page takes between .7 and 1 second to transfer.Is there a way to speed this transfer up, I am currently looking at connection maps.
View 1 Replies
View Related
Dec 13, 2011
We are using Cisco ACE 4710 for load balancing the servers. The predictor used is 'least connections'.Have observed the below;The number of connections for a particular server in a serverfarm is 15 in the Cisco ACE.The actual number of users in that server is 6.All the users access using the VIP.Still i couldn't understand why there is difference in the number of users in the server and the load balancer statistics.
View 2 Replies
View Related
Oct 16, 2011
How to load balance two/three ISPs using ACE.
What might be the default gateway?Can i create a serverfarm with two rserver with different subnets?
View 4 Replies
View Related
Jan 22, 2013
I am configuring a load balancer from cisco, a ACE 4710.Load blancing is completely new to me, and i am unexpereinced in this field. It has to be configured for a customer that want to load balance HTTP and RTSP traffic over 4 application servers (Back-end),I searched alot on google for possible solutions, and got RTSP in some way to work, but http wont work says my customer.
[Code] .....
View 3 Replies
View Related
May 16, 2012
Can an ACE 4710 have , in the same context - servers which are
a. just being routed to
b. a set of load-shared servers
I have been told you may not be able to do this on this version?
View 2 Replies
View Related
Apr 16, 2012
Have two ACE 4710 in HA setup. We would like to setup HTTPS loadbalance(actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later. I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?
View 6 Replies
View Related
Nov 15, 2011
I am trying to configure ACE 4710 to load balance base on the URL, If it matches the specific URL ( /456/ ), the traffic will be sent to server farm 456 else the traffic will be sent to server farm 123.
I attached an image of the topology.
Ace Config:
rserver host SRV01_123
ip address 192.168.1.101
inservice
[Code].....
View 4 Replies
View Related
Oct 14, 2012
I've done a lot of ACE work over the years but this is the first time this has ever come up.
I have a request from an application group where I have 3 rserver in the server farm but they want all traffic to only go to the first server unless that server fails. If the first server fails, only then do they want traffic to go to the 2nd server instead and if that fails, then traffic goes to the 3rd.
I've read through the documentation but haven't figured out a way to do this. What to do this type of failover configuration?
View 4 Replies
View Related
May 13, 2013
I have trouble with new installation LB ACE 4710 for Oracle application load balance. Problem: Unable to PING VIP - 10.11.10.55 / 24
Below are the simple configuration parameters:
1. ACE 4710 is connected with Cisco 3560 Switch - L2 Trunk (Channel Group)
2. Cisco 3560 Switch is connected with Cisco 6500 Switch (Core) also L2 Trunk
3. There are 3 Vlans,(255, 310, and 370), Vlan 255 is management Vlan
4. Real Servers and Virtual IP are part of Vlan 310
- VIP - 10.11.10.55
- Real Server1 - 10.11.10.46
- Real Server2 - 10.11.10.47
5. Gateway is 10.11.10.1 (vlan 310), 10.11.70.1 (Vlan 370)
View 5 Replies
View Related
Jan 30, 2012
Our Exchange 2010 hub servers run multiple services/ports: smtp, www, pop3,135, 143, https, 993, 995, 6001,6002,6003,60200,60201,8400, and 8402 what is the best way of balancing these servers so that if only one of the services failed on a server, it would switch only the failed service to remaining servers. At present I only use an smtp probe, so as log as that sevrice is running the server is marked good.
View 3 Replies
View Related
Oct 17, 2012
I’m looking for some notes from the field guidance here from those that have much more deployment experience.
I have a GSS and an ACE, and its the ACE that's primarily giving me something to think about, in terms of placement and what mode to adopt.
The traffic flow will look loosely like this:-
Client---Internet---Firewall---GSS---ACE---Servers
Physically, it's like this. The RED line denotes a boundary, and pretty much anything North of that is not accessible to us, we simply have a L3 trunk between our switches and "their" switches (S3/S4) and talk using EIGRP.
There are other servers in the top tier, some that also require load balancing, some that don’t. Typically, I want to load balance HTTPS requests from the internet, to one of the 3 servers in the top half.
I’m not sure what mode to select, routed, one arm? What about placement of the ACE? At the moment, I’ve just configured 1/1 on it and made it part of the MG MT VLAN, it's S VI exists on the S1/S2 switches, so I’m open to change as it's still all in the lab.
View 1 Replies
View Related
Feb 16, 2012
I'm trying to design a CSS configuration that allows servers in the same vlan to be the source and destination of load-balanced traffic. My thought is to add two new vlans, one for the VIPs and one for the servers, then NAT the source IPs going from the LB to the servers.
Is this the right way to do it?I've never NATted using CSSs, so I wanted to verify what I'm thinking.Our current config trunks the vlans -
interface 1/1
trunk
vlan 1
default-vlan
vlan 555
[code]....
View 3 Replies
View Related
Jun 3, 2012
Do you know the procedure of import SSL certificate from Godaddy to ASA 5510? attached is the drop-down list that I have to choose from.
View 5 Replies
View Related
Sep 27, 2012
Can I import a self signed certificate from a Cisco 871 router to a Cisco ASA 5505? The 5505 replaced the 871 and I have a VPN that goes to another company that we have a connect to. The device on the other end is a VPN concentrator ( I do not have access to modify this device without going through multiple channels.) I only need to mimic this device for the site to site VPN tunnel only. It appears that there are no pre-shared keys only a self signed certificate.
View 1 Replies
View Related
Jul 24, 2011
I'm currently in the process of the setting up a new wireless network and I want to test out our 7925 phones on it. When I try uploading the certificate to the phone it fails and I find the following error in the trace logs
[code]...
I created this certificate using using Windows Server 2003 and it is 2048 bits. This certificate works fine with my laptop but I'm unable to upload it to the phone. The app load currently on the phone is CP7925-MFG-D.8.LOADS. Are there any specific guidelines out there when creating a certificate for a Cisco 7925 phone?
View 2 Replies
View Related
Mar 2, 2009
I cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".
View 7 Replies
View Related
Feb 29, 2012
I am trying to import a SSL certificate into this device - Cisco SPS2024 (FW: 1.0.6 ( date 30-Aug-2011 time 15:45:47 )) but without sucess. I have allready did this task on another models through CLI (Cisco SRW224G4 - through the lcli) or on Cisco SG300. I can create certificate request with:
switch(config)#crypto certificate 1 generate key-generate
switch#crypto certificate 1 request cn "sw.localdomain" or "..." ou "..." loc "..." st "..." cu "..."
and that last command gives me plaintext certification request that I will sign with my certification authority. to this time, everything is clear and perfect.
And now, I have signed certificate according generated certificate request and I want to import it. And now I am in stuck, because I have not found any useful command to do this action. For import certificate, I have found only following command:
switch# crypto certificate 1 import pkcs12 WORD
also I dont exactly understand this command because there is no parameter to specify any url from which will be fetched pkcs12 certificate... just WORD parameter as the pkcs12 passphrase. nothing like as on another switch models on which there is following command:
switch2(config)# crypto certificate 1 import <CR>
after executing the command line will waiting for pasting the signed certificate to console. And on SPS2024 there is no any similar command to doing this. So in final, I cannot import certificate signed by my certificate authority, I can just generate self signed certificate directly on device and use only this one
View 2 Replies
View Related
