ACE 4710 TACACS issues ,How to setup user with Admin context access permission. I have enable the TACACS and it can directly put me in Context mode not in Admin Context mode .
View 8 RepliesIs it possible to use 1 or 2 of the 4 gigabit ethernet ports from one ACE straight into the other ACE for redundancy? So ACE_01 gig0/4 to ACE_02 gig0/4.If so, is it a case of just having the layer 3 config instead of trunking etc..Also - is it possible to create a context within the same vlan as the Admin context?
View 4 Replies View RelatedWe are having issues with our Cisco ACE 4710, it suddenly stopped to telnet admin context.We are able to telnet another context from the same appliance, but unable to telnet the admin context. Is possible to pings the gateways from the other contexts, but we are not able to ping the gateway from the admin context.Actual we have 5 context with the minimum allocation is 10%.ACL and policy map allowing telnet and etc are enable and configured on the interface.
View 1 Replies View RelatedI have an HA ACE deployment and all seemed to be working well until I tried to access the ACE via the management VLAN in the one non-system context, no go.The ACE is in one-armed mode with an Admin/System context and one user context (named Messaging). Source NAT has been set up in the user context. All VLANs are in a port channel back to the core switches.I can access the ACE via the Management VLAN in the system context, all OK. I can access the load-balanced servers via the VIP in the user/Messaging context, all OK. I CANNOT acccess the managment VLAN other than ping it (resonds to ping, but telnet, ssh, https, etc. fails).The system/Admin context has a default route to the Management VLAN on the core. The User/Messaging context has a default route to the core switches on VLAN 5, which is the VLAN where the VIP resides.If I change the default route in the User/Messaging context to the Management interface on the core switches then I can access both contexts for management, but then the load-balancing falls over and I cannot access the serverfarm (via the VIP). Traces on the rservers show that NAT is being hit on the ACE and the requests are coming from the real IP of the clients. Put the default route back to the User/Messaging VLAN on the core and NAT is back to what it would be expected to be, and then remote/management access to the ACE is gone.
ACE02/Admin# sh run
Generating configuration....
logging enable
logging standby
logging timestamp
logging buffered 4
logging device-id context-name
[code]....
Can an ACE 4710 have , in the same context - servers which are
a. just being routed to
b. a set of load-shared servers
I have been told you may not be able to do this on this version?
I am looking at management (backup of the configuration) of the ACE 4710 running A4.1, the management software is Cisco Cirrus. The question I have is around the management of the context's, I have a backup of the Admin but would like the user context's also, how this is completed.
View 3 Replies View RelatedI have two ACE working on active-standby mode, I have one context configured on bridge mode, with two vlans, the client (vlan 100) and server (vlan 101) sides.I need to balance another service for two servers (different from the ones on the first context ) on the vlan 101, so as the documentation says i can't configure the same vlan on another context because it is already configured on the 1st context as bridge.so my question is the only way i could balance this service is to configure it on the same context??. or there is another way?.These are the design limitations that i have to do this:
1.- I can't change the servers IP address.
2.- The VIP which will answer the clients request is on the same IP network segment as the servers, for example: server1: 192.168.100.125, server2: 192. 168. 100.126, VIP: 192.168.100.124
Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc. We would also like to allow this user to clear the interface error counters as well, but nothing else.
View 2 Replies View RelatedI need to setup new ACE 4710 device , after referring to "Establishing a Console Connection on the ACE" i had managed to set up initial console connection. During installtion i had configured vlan (default vlan 1000) , interface ip adess& subnet mask.
Post initial config i understand i should be able to open' Device Manager GUI Login Window' but it is not opening.I also need inputs on setting 4710 for the telnet connection
I have setup load-balancing on an ACE 4710 for HTTP for Sharepoint 2010. The Server Admin says that the IIS server will recognize the right site by DNS name. Problem is I have no clue how to make sure the servers get the DNS name passed to them. They says this is for a multi-homing setup so that we can run multiple sites using the same VIP to the same Serverfarm. How do I do this? I keep getting the IIS splash page since the real server cannot determine the IIS site that I am supposed to access.
View 2 Replies View RelatedIm trying to make a ACE+caching setup work. Ace is running A5(1.2)Content types considered static (like images, stylesheets and javascripts) should be fetched from caches instead of servers.Content from the caches that can be compressed should be compressed by the ACE (stylesheets and javascripts).I am classifying traffic into * static, not compressable (content should be fetched from caches but is already compressed - this class will hold .jpg, .gif, .png, .ico and others - but for this experiment the class is defined with only (a never to be hit) content type .xico* static, compressable (content should be fetched from caches but can be compressed by the ACE - this class will hold .css and .js but for this experiment is defined only with (never to be hit) content types .xjs and .xcssother For statistics purpose I have included a catch all class for everything else (which shold be send to servers) - class-default is configured but will not be hit in this example because of the catch-all class I configured.Since both "STATIC" classes include only content types that has been renamed to content types not used in the real world, I will not expect any hits on those and since WWW.SITENAME.COM:80_STATIC_COMPRESSABLE is the only class configured for compression I expect that nothing will be compressed since there wil be no hits on this class.
This is how it looks in the configuration:
class-map type http loadbalance match-any WWW.SITENAME.COM:80_STATIC_NOT_COMPRESSABLE 10 match http url .*.xico
class-map type http loadbalance match-any WWW.SITENAME.COM:80_STATIC_COMPRESSABLE 10 match http url .*.xjs 20 match http url .*.xcss
class-map type http loadbalance match-any WWW.SITENAME.COM:80_DEFAULT 10 match http url .*
[code]....
Questions are: Why do I see things being compressed when there is only being accounted hits in a compression:off class ?Why does enabling compression in one class (never being hit) cause hits in other clases to be compressed ?
After upgrade to ACS 5.2 appliance , we are trying to configure AAA between Ciscoworks and ACS. Authentication is working but authorization fails , logged user cannot access to admin parameters. I've configured attributes manually but it doesn't work.Does ACS 5.2 support integration with CiscoWorks?
View 1 Replies View RelatedWe have Cisco ACE 4710 in our network.system image file: (hd0,1)/c4710ace-mz.A3_2_0.bin Device Manager version 1.1 (0) 20080805:0415
We are not able to connect to the device through HTTPS (GUI) , it used to work before. When we try access the GUI, it asks for user name and password.After that it shows blank screen.
I want to share the My Documents folder from an XP machine with ONLY one user (the administrator) on a networked Win 7 machine. I have turned off simple sharing on the XP machine. I hate XP!! So complicated to do anything. Anyway, under security, I have tried share this folder, and not to share folder. I have gone into Advanced and messed around with permissions, taking out Everyone, using Admin only, using Network. At one point I ended up not being able to access My Documents on the local computer and had to jump through many hoops to change ownership and disable read only so that the user could use her own files!The problem is, under Advanced in the permissions area, I cannot see the users on the remote pc to choose which one should be allowed access. how to actually find a particular user on the Win 7 pc and give ONLY that user permission to read (not to change) the files in My Documents on the XP pc.
View 3 Replies View RelatedI am trying to setup a VPN with AnyConnect on my ASA5510 and it works fine. I have setup an AAA server group for my Active Directory with the "NT Domain" protocol". Right now, every user is able to connect with their Active Directory credentials. I would like to restrict access to the Anyconnect VPN to only a few users in AD.
View 1 Replies View Relatedconfigure Cisco Ace 4710 ?Note :- Just a testing face I need to access my one server(192.168.1.11 : 80) through VIP :- 10.13.77.10 , I have only one Cisco Router 2800 and One L2 Cisco Switch 2960 and Cisco Ace 4710 . So I already configured 2 Different VLANS in Switch (Vlan 10 & Vlan 100) and by router I given the ip address of that Vlans with Inter Routing Vlan. My Connectivity is like this :-- Router Ethernet 0/0 --- 10.13.77.1/24 with vlan 10) & Router Ethernet 0/1 ---- 192.168.1.1/24 with vlan 100 ) connected with switch after that I configured ACE LB and connect the ACE interface with switch Like that ---- Connect to ACE Interface 2/3 vlan10 with switch vlan10(Ethernet port 2-12) and Connect to ACE Interface 3/3 vlan100 with switch vlan100(Ethernet port 13-24) .Testing to access server from Switch Vlan10 to Vlan 100 where my server is there.
Configuration :---
ACE> client side Vlan10 (10.13.77.4/24) , VIP :- 10.13.77.10, SM-- 255.255.255.255
ACE> server side Vlan100 (192.168.1.5/24), Web server -- 192.168.1.11 with 80 port
ACE> Managment Vlan 1000 (172.16.6.5/24) ,
ip route 0.0.0.0 0.0.0.0 10.13.77.1
I already Configured in Routed mode but From Vlan10 ip subnet example like 10.13.77.12(Client or User PC) tried to access server 192.168.1.11 with VIP http://10.13.77.10 but not responding , if i access server with real IP then accessible (why boz there is inter vlan routing)?
Access Server through VIP (ACE 4710) but very slow
Accessing the server very slow.., check my real configuration... this configuration is for application server and after this i have to configure more serverfarm for different server like webmail etc. in this ACE 4710. I have only one ACE 4710 .
ACE Version A4(2.0) = is there supports Probe with this version? without probe server will work but very slow.
VIP :-- 172.16.15.8
LB/Admin# sh run
Generating configuration....
[Code].....
We have 4710 ACE in our network and currently we are using software version A3 2.0.
Currently we are not able to access the ACE through web interface but Telnet is happening properly. Connection is establing while we are doing the telnet to ACE through port 80 and port 443. find the below dummy configuration.
resource-class SLB_STICKY
limit-resource all minimum 0.00 maximum unlimited
limit-resource sticky minimum 10.00 maximum equal-to-min
[Code].....
I ma having issues trying to import a .PEM file into an ACE 4710. The original file was a PCKS12 file that was converted to a set of .PEM files as I have no access to any server to do a file transfer. This has worked in the past. the error I get is "Error: File not of recognized types - PEM, DER or PKCS12, import failed". I am not sure what is exactly failing. The cert was converted to a .PEM and the ACE imported that fine.
View 4 Replies View RelatedI have been tasked to provide SSL(HTTPS) access to a server farm that will be accessible from the internet. Is this the correct guide to follow?
[URL]
I am assuming I will need to purchase a certificate to import into the load-balance r as well.
I want to use one arm infrastructure of ACE4710. But I remember it was problem for back end server can not get logging for which client/ip address access the web server.
View 3 Replies View RelatedAfter replacing a Cisco CSS/SSL Accelorator and PIX firewall with an ACE 4710 to do load balancing and SSL encryption behind an ASA firewall we started seeing mangled HTTP requests in the Apache access logs for the servers in the server farm. This is occurring for several different URLs and not just the one above and for multiple web browsers.The ACE load balances to servers running Tomcat 7 with Apache HTTP server v. 2.2.14. A recent ACE software upgrade to A5(2.1) has not fixed the problem.
View 1 Replies View RelatedI have just joined a networks team and will be working on two fwsm versions 4.0(8) in two 6500 routers. Now the fwsms seem to be virtualised with multiple contexts. The server team want a new context setup for a group of servers behind a vlan. [code]
This context just seems to have two Vlans and a BVI interface. What is the function of this context and why we have 2 admin contexts?
Also another important question is on which 6500 do I create the new context? Is the admin context active on one 6500 just like other contexts and will sync across or do I have to create the new context on both 6500s.
Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
View 6 Replies View RelatedI face an issue while creating source nat on cisco ACE. There is already a default source nat ip for the context. I created a new one for smtp traffic alone. Iam facing issues in prefixing the newly created nat-pool rule(nat-pool 100) above the default one (nat-pool 2257) on the external gateway interface as its not placing that on top ,due to which only the default snat ip is getting shown on all servers.
View 1 Replies View RelatedI Just deployed some of these new modules and running A4.x code. How to configure an ACE with the maximum context?
We run in tranparrent mode with 110 Contexts, we found that with a base config for each context(80 lines of code) this would only leave us with 7% of available RAM. The Device begins to shut down services @ 5%. like SSH and others.
So, Is this even possible to configure 250 contexts and still manage the device.
I need to upgrade 2 active-standby cisco ACE4710, the issue is I cannot access FTP/TFTP/SFTP server via Admin context but can be accessible via other contexts.
Can I copy the ACE system software file from FTP/SFTP/TFTP server to image: directory durectly or need some other way around ? I could see the option is available to copy ftp: to image: via other context.
is there a way to reset/clear a particular context's configuration?
I see there is a 'wri erase' within a context, but no reload/reset - neither from the context itself nor from the Admin... puzzling...
I dont want to reload an entire blade just to clear one of the context's configs.
I am desiging a topology with two Cat 6509 and Two ACE Module, one ACE per Catalyst. I am thinking to use bridge mode for the customer contexts, I would like to know if the Bridged mode is an Assymetric topology.
The server gateway is the ip address of the ACE or the Router?
Unable to see the logging message on the user context on ACE,but able to view the logging on the Admin Context.
Admin# sh logging
Message logging: none
Buffered logging: enabled (level - debugging) maximum size 1048576
Buffer info: current size - 1048576 global pool - 1048576 used pool - 1048576
min - 0 max - 1048576
cur ptr = 916918 wrapped - yes
[code]....
I am using LMS 3.1 on windows, and getting the error while logging, You don't have permission to access /cwhp/LiaisonServlet on this server.
View 8 Replies View RelatedMy router is a Dir-601 n150.Would the router possible be causing this problem? Some people say the router could possible be causing this problem.On my desktop I'm running, Windows Vista Home premium. On my laptop, I'm running Windows 7 Home premium. Both are set for Workgroup, file sharing is turned on, password protection is turned off.I have file sharing on both set to Guest. I have printer sharing turn on, which works fine.On both computers the only user is the Administrator, with this I set file sharing to Guest on both.When I use laptop to access files on my desktop, The public I can access with no problem. When I try to access the users folder I get an error message: Windows cannot access\ mane of computer-PC\Users/You do not have permission to access\ name of computer-PC Users. Contact your network administrator to request access.
View 3 Replies View Relatedwe have created some administration accounts which should only have the possibility to work on the user database. the useradmin role is to limited to create a user and set a fixed password only, but not able to enable the users authentication against a predefined external identity store. Other roles which makes this possible are far to powerful for a second level adminstrator.The adminstrator should have the possibility the create an user and set the password check against an external database. This is not possible with the predefine role "UserAdmin". Other roles do have to many rights for these users.
View 4 Replies View Related