Cisco Application :: ACE 4710 Farm Selection Based On Source IP?

Jul 5, 2011

I have a requirement to select a farm based on source IP address.  I tried creating a match all class-map that matches on the virtual-address and source address but I get this message.LB01/Admin(config-cmap)# match source-address x.x.x.75 255.255.255.255 Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type To me this is the only place where it makes sense to set the source match criteria.

View 2 Replies


ADVERTISEMENT

Cisco Application :: ACE 4710 - Renaming Server Farm

Feb 2, 2012

Is there a way to rename a server farm, health probe, real server or virtual service without having to completely rebuild it?  I'm running 3.0(A3).

View 2 Replies View Related

Cisco Application :: ACE 4710 - SSL Configuration / (HTTPS) Access To Server Farm

Aug 31, 2011

I have been tasked to provide SSL(HTTPS) access to a server farm that will be accessible from the internet.  Is this the correct guide to follow?
 
[URL]
 
I am assuming I will need to purchase a certificate to import into the load-balance r as well.

View 1 Replies View Related

Cisco Application :: ACE 4710 Server Farm Fail-on-all Option Missing

Feb 27, 2012

ACE 4710 software A3(2.7) [code] Why is the fail-on-all option missing from the serverfarm that is of type redirect? This option is something that I would actually need in a certain situation.

View 1 Replies View Related

Cisco Application :: ACE 4710 Balance For Source?

Jun 12, 2011

I have a Cisco ACE with a server farm "intranet" with real servers rsrv1 and rsrv2 (round robin) and i have two sites A (IP Address A) and B (IP Address B) in the WAN. I want to that Site A conect to ACE 4710 via VIP, but this connection will be to srv1 and Site B conect to ACE 4710 via VIP, but this connection will be to srv2.

View 3 Replies View Related

Cisco Application :: ACE 4710 Source Ip Address In Logging

Mar 21, 2013

I've configured the ACE4710 to bring the logging to a syslog server! Here's the configuration

[...]
logging enable
logging fastpath

[Code]....
 
I saw to log with connection on the syslog server but It would be interesting to know the "source ip address" and my question is : It may be possible to configure for the logging a kind of "transparent pass through"?

View 2 Replies View Related

Cisco Application :: ACE 4710 - Source Base Policy

Jul 22, 2012

I hav ACE 4710, I am trying to configure a policy in which when specific Client tries to access the specific Destination. ACE should not send the traffic to load balancing. It should directly send to the next Hop.
 
I configred the below but didnt able to achieve my object.
 
access-list source_IP line 8 extended permit ip host 192.168.146.123 host 198.xx.xx.2
class-map match-all CM_BYPASS_SOURCE  2 match access-list source_IP
 
policy-map type loadbalance http first-match PM_L7_BYPASS_SOURCE  class class-default    forward
 
But I am not able to reach to destination. MY source traffic is still diverting to the Load balancing server. I dont want it to redirect to LB server

View 17 Replies View Related

Cisco Application :: 4710 - Bypass Traffic With Source And Destination From Loadbalancing

Jul 30, 2012

I have a requirement to  bypass some specific traffic (with particular source to specific internet destination) in ACE 4710.
 
All the webtraffic (http and https) is configured to loadbalance to my proxies , i need to configure some specific traffic with source and destiantion to internet to byepass from this loadbalancing and directly got to outside interface .

View 1 Replies View Related

Cisco Application :: Does CSS 11500 Support Stickiness Based On Source IP

Oct 29, 2012

i don't know why cu need this feature, he want stickiness based on source ip and source port.  Does CSS 11500 support stickiness based on source IP and source port?or is there any other method to support stickness based on source ip and sourceport?

View 12 Replies View Related

Cisco Application :: 4710 ACE Source-address Matching In Nested Class-maps Not Working

Sep 6, 2012

Im having a (from google-fu) seemingly unique issue with load balancing. So for background, I am running the ACE 4710 device in "on a stick" mode, so I am using NAT and all that good stuff. I am also utilizing class maps and host header matching so I can save on IP space. [code]

Basically, as soon as I add that ACL_CLASS_beta.mainsite.com class map, all I get back from the ACE is RST packets and it comes back with an L7 LB Policy Miss.
 
It SEEMS like it should work, but it doesnt seem to like matching on those source addresses at all.

View 1 Replies View Related

Cisco Application :: ACE 4710 Inline VS One-armed Based

Apr 3, 2012

I have 2 basic questions I am having doubts about it and would love to have some clarifications:
 
1) I configure in one ACE4710 (running 4.2.2) context a bridged interface and in another context the same interface, like here below : [code] Then I move to the Juniper context and I try to create an interface (either L-2 or L-3) but it doesn’t work: [code] So if I configure an interface as bridged in one Context, I cannot configure it in another context??
 
 2) If I want to migrate in context Microsoft from One-armed to inline (L-2 bridged), can I migrate one service at the time ( I.e. the config i showed above for context Microsoft, would it work also for one-armed based???)

View 1 Replies View Related

Cisco Application :: ACE 4710 Cookie Based Stickiness

Jul 23, 2012

We have ACE 4710, It is configured with IP based stickiness and working fine for a web application server (BMC Remedy). We tried configuring cookie based stickiness for the same server. Server application is having JSESSIONID.But after configuring cookie based stickiness, there is an issue that the first page is coming for entering login credentials and after entering it the page is blank or not responding.  What is the pre-requirement for configuring cookie based stickiness in ACE for BMC Remedy web application and which type of cookie based stickiness is suitable or possible?

View 8 Replies View Related

Cisco Application :: ACE 4710 - Load Balance Https Based On Url

Nov 15, 2011

I am trying to configure ACE 4710 to load balance base on the URL, If it matches the specific URL ( /456/ ), the traffic will be sent to server farm 456 else the traffic will be sent to server farm 123.
 
I attached an image of the topology.
 
Ace Config: 
 
rserver host SRV01_123
ip address 192.168.1.101
inservice

[Code].....

View 4 Replies View Related

Cisco Application :: Health Probe For RDP Farm 3389

Aug 19, 2012

I have an RDP server farm that lost a disk. The RDP service was still running but users were unable to log in. I'd like to create a health probe that does maybe a combination of TCP probe for port 3389 and something that can determine if the drive that stores user profiles is available.
 
I cannot add any new service (http or ftp) to the server. Is there any way I can check SNMP mibs on the windows server or maybe WMI through TCL?

View 1 Replies View Related

Cisco Application :: ACE4710s / HTTP Redirection To Individual Servers In Farm?

Jun 19, 2012

I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.Scenario:   We have an url which is setup on our ACE4710s (A3 2.4) to load balancer to a particular server farm as per standard setup i.e.Customers access [URL] on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up.  However, I have eeen asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
 
Action 1 - Customers access [URL] is redirected to "Server_A" only

Action 2 - Customers access [URL] is redirected to "Server_B" only

Default Action - Customer access [URL] anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
 
The Standard Class Maps and Policy would be something like:
 
policy-map type loadbalance first-match SLB_WEBSITE
class class-default
  serverfarm SF_WEBSITE
 
Where I thought I would need something like:
 
class-map type http loadbalance match-all CMAP_AREA1
description CMAP used to capture specific URL for area 1
2 match http url /area1 
class-map type http loadbalance match-all CMAP_AREA2
description CMAP used to capture specific URL for area 2
2 match http url /area2

[code]...
 
I think the above method is ok for 1 instance, but if it test successfully, my company would want to to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.

View 7 Replies View Related

Cisco WAN :: 7609 / 3600 - How To Set VLAN Based VRF Selection

Jan 9, 2013

I am using Cisco 7609 IOS15.0(1)S1 and Cisco 3600 IOS 15.1(2)EY.I am trying to provision VPNs over MPLS network.All I found in the documentation is how I attach a whole interface to a VRF.However, I need to be able to attach a VLAN (or any other matching criteria, for that matter) to a VRF.In other words, I want to be able to attach port 1/1 vlan 100 to VRF-A and port 1/1 vlan 200 to VRF-B.

View 1 Replies View Related

Cisco WAN :: ASA 5520 - Source IP Based Load Sharing

Jul 25, 2011

A customer has an ASA5520 and 2 ISP routers with one WAN link each, and wants to split the load over both routers based on source IP ("natted" IP on ASA). I found this excellent doc on the topic: {URL}. Using PBR to achieve this is an option I was looking at, but I have come across a possible loop doing this with 2 routers. Setup:

           -----------CE-1---------ISP-1
           |           |
           |           |
ASA55020----      HSRP |
           |           |
           |           |
           -----------CE-2---------ISP-2
 
Both Routers receive default routes via BGP, and customer networks are propagated via BGP as well (i.e. the customer can specify the return path for the traffic). The ASA5520 forwards traffic to a HSRP virtual IP for redundancy purposes. If one router or ISP fails, all the traffic should use the other router/ISP. The customer wants to specify which traffic is sent over which link, by defining nat rules on the ASA. e.g. traffic sourced from the network 10.10.1.0/24 will always use ISP 1, and traffic sourced from the network 10.10.2.0/24 will always use ISP 2.
  
My problem: if I use route-maps on both routers (CE-1 and CE-2), sending part of the traffic to the other, and one ISP link fails, in my opinion I have a loop, since part of the traffic will get sent back to the router it came from. Is there any other was to achieve my goal without using PBR? I have looked at CEF and GLBP, but I cannot seem to find a way to load share via source IP.

View 8 Replies View Related

Cisco Routers :: Srp521 Port Forward Based On Source Ip

Dec 20, 2012

I have a customer with a Sonic wall that I want to replace with a 521.He currently has port forwaring setup so that only 3 ip addresses can access the port forward.  Everyone else is dropped.  Is there a way to do something similar?I can make it work for a single one via the DMZ tab with a source ip address. but there is not a way I can find to add the allow for the other two remote connections.

View 1 Replies View Related

Cisco WAN :: Routing Based On Source Interface FE01 Series

Jun 6, 2011

I am looking for a config, as per the attached diagram, if the traffic comes from FE01  it should go via FE03 for the internet and when the traffic comes from FE02 it should go via FE04 for the internet.

View 1 Replies View Related

Cisco WAN :: 4507 - Preferred Default Route Over Another Based On Source IP

Jan 21, 2013

2 ISP's connected to a 4507, both with seperate public IP blocks. Based on some source IP addresses on the LAN they would either use ISP-A or ISB-B's connection based on what I define.

View 3 Replies View Related

Cisco Application :: Application Slowness Through ACE 4710

Mar 27, 2013

Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.

View 6 Replies View Related

Cisco Security :: To Restrict Remote Access VPN To ASA 5500 Based On Source

Oct 20, 2012

Is it possible to  restrict the Remote  Access VPN to  ASA based on the Source  Public IP , if so  how ? here I am not talking about the  VPN-Filter under group-policy . I Want to restrict the access from specified source  IP  (Public IP)

View 1 Replies View Related

Cisco Firewall :: 5510 NAT Port Forward Based On Public Source IP?

Dec 27, 2011

I have one public IP address but multiple local servers that run on the same port. I cannot change the port the clients use to connect to this server, so I can't do a port map in my NAT router. The solution I had in mind, is to filter on source address. If a client from public IP X.X.X.X connects to port Z, I want it to go to internal server 10.10.10.10 and if a client from public IP Y.Y.Y.Y connects to port Z, I want it to go to internal server 10.20.20.20. Is this possible? I'm using an ASA5510 but I could also switch to a 5505 for this.

View 3 Replies View Related

D-Link DIR-825 :: Cannot Connect To Any Servers In Valves Source-based Games

Apr 2, 2011

Hardware version: A1
Firmware version: 1.01

Basically, I cannot connect to any game servers when I am connected through this router. I used my Android to tether into 3G internet and was able to connect without any issues so it's not OS-side at all.  I've tried many settings arbitrarily one at a time, checking each time to no avail. Is there a particular setting that is screwing with this game? I've got the ports (27000-27100 TCP/UDP) forwarded and I've used a Port Checker tool to verify that they are open. Obviously it's something in the router that is blocking the connection..but what else is there to try?

Should I finally flash the 1.13NA firmware?

View 1 Replies View Related

Cisco Application :: CSS11500 Balance Using IP Source?

Jun 13, 2011

I am not able to find information of how to configure a balance in CSS11500 depending of the IP source. I want to do the next:
 
Site A : 192.168.1.0/24
Site B : 192.168.2.0/24
 
Both sites access to the same VIP: http://vip_balnace_IP but depending of the source the should be balanced to diferentes servers.
 
Site A -> VIP_balance -> server1
Site A -> VIP_balance -> server2
 
how to do that?

View 2 Replies View Related

Cisco Application :: Hairpinning On CSS 11503 When Using Source Groups?

Jun 26, 2011

I'm not sure if my terminology is correct when using hairpinning but i was wondering if there is any special config needed when you try to access a content rule VIP from a server that's configured as a member of a source group on the same CSS?
 
So say i have a content rule with a VIP 20.20.20.20 and i also have two servers 192.168.1.1 and 192.168.1.2 that are part of a source group with VIP of 20.20.20.21. My problem at the moment is if from the servers 192.168.1.x i try to ping the other VIP 20.20.20.20 that's configured on the same CSS then it doesn't work and ping fails. The same happens with HTTP traffic to the 20.20.20.20 VIP.
 
I would have thought that the NAT of the source group would happen before the routing so the 192.168.1.x IP's would be natted to 20.20.20.21 and then passed over for routing where the CSS would see that the VIP 20.20.20.20 is local and it would send it on it's way.
 
I thought it might be ACL related but i increased the verbosity of acl logging and couldn't see anything in the logs.The source group works fine on it's own and from the CSS itself i can ping the 20.20.20.20 VIP fine. It just seems that from the source group members i can't ping the VIP.

View 1 Replies View Related

Cisco Application Networking :: ACE A2 (3.4) - Set A Rate-limit Connections Per Sec From Any Source IP

Jan 28, 2012

ACE A2(3.4). Is it possible to set a rate-limit connections per sec from any source IP. For example, if a client is trying to GET a web page 10 time per sec I will send a reset or drop that connection.

View 1 Replies View Related

Cisco Application :: How To Install New 4710 Ace

Feb 2, 2013

i'm looking for a recommendation for a setup guide including ft i've had a quick look a wiki and i can get basics but i'm not sure about if i need to setup additional contexts etc when i'm the only one using the appliance?

View 2 Replies View Related

Cisco Application :: DNS Rewrite On ACE 4710?

Aug 26, 2012

I have an issue with a customer that wants to update a server behind the ACE. The problem is that when the application wants to update the server it does it with the name.Doing some research I found that you can rewrite the record DNS based on the static NAT you set up on the ACE. The feature is called DNS inspection. Is the same feature as the ASA (DNS doctoring).I apply it to the outside interface and it did not work.

View 1 Replies View Related

Cisco Application :: ACE 4710 / What Are These Ports Used For

May 7, 2013

What are these ports used for? What can I do with them?

View 2 Replies View Related

Cisco Application :: ACE 4710 - What Does The Ip-netmask Mean

Feb 12, 2013

I am trying to configure sticky on an ACE 4710 and don't understand what the netmask part of the sticky ip-netmask netmask address {source | destination | both } name command.
 
Some examples use 255.255.255.255 and others use 255.255.255.0 but I don't know what the significance is or what it does?
 
I am going to configure for both source IP and destination IP (both).

View 2 Replies View Related

Cisco Application :: ACE 4710 Lic Performance

Mar 19, 2012

With the current (A5) ACE 4710 lic setup, does the "X gigabit per second appliance throughput" that is licensed affect: -
 
A)  Only "appliance" i.e. load balancing traffic, any other normal routed traffic is not included in the limit
 
 or
 
B) Is it an overall throughput limit on the interfaces i.e. includes all traffic not only load balancing traffic but also normal routed traffic crossing the appliance
 
Looking at a scenario where the lic size I need for HTTP load balanacing would be one size if  A) but would need to be much larger is B) to accomodate out of hours routed backup traffic crossing the ACE 4710

View 1 Replies View Related

Cisco Application :: ACE 4710 Not Booting?

Aug 27, 2012

I've just run the ACE 4710 and it seems that is booting up well but it stops when 'Setting up dynamic memory size' message appears.
 
INIT: version 2.85 booting
b4 lspci
1 Cavium device(s) found.

[Code]....

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved