Cisco Application :: ACE10 Dynamic Port Range

Feb 3, 2013

the dynamic port range server load balancing supported for MS Exchange 2010

View 1 Replies


ADVERTISEMENT

Cisco Application :: IOS Upgrade For ACE10-6500-K9

Oct 14, 2011

I have ACE10-6500-K9 installed in 6513 core switch with below mentioned sh version.
 
Software
loader:    Version 12.2[121]
system:    Version A2(2.0) [build 3.0(0)A2(2.0)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin

[Code].....
 
I want to know that can i upgrade ACE10-6500-K9 to c6ace-t1k9-mz.A5_1_0 i.e version5 ? I tried to search cisco website but could not get proper upgrade or user guide.

View 2 Replies View Related

Cisco Application :: ACE10 Version A2(3.6a) - Activate XML API Management?

Sep 18, 2012

We are using several contexts for each customer in our ACE module.One of the customer contexts needs to activate XML API to control their services.I've tried to activate it, but cannot get any http response, what can be missing?ACE10 version A2(3.6a)
  
class-map type management match-any HTTP-ALLOW_CLASS
  2 match protocol http source-address 10.110.0.0 255.255.254.0
  3 match protocol http source-address 10.60.208.80 255.255.255.248
class-map type management match-any HTTPS-ALLOW_CLASS
  2 match protocol https source-address 10.110.0.0 255.255.254.0
  3 match protocol https source-address 10.60.208.80 255.255.255.248

[code]....

View 3 Replies View Related

Cisco Application :: ACE10-6500-K9 Supporting C6500 IOS

Dec 7, 2011

It seem that ACE10 not support 12.2(33)SXJ1 IOS running on C6500. The box cannot detect the ACE module when power up. Currently the ACE10 running on system A2(30).
 
My challenge i have the ASA SM that compulsary to run on 12.2 (33) SXJ1 version. How to let these 2 module can running on the same C6500 box?

View 1 Replies View Related

Cisco Application Networking :: Catalyst 6509 - ASN Traffic Ace10 Module

Aug 26, 2012

I trying configure ASN traffic load balance, but doesn't works.I have one Cisco Catalyst 6509 and onde Cisco Ace10 module, in my context "PanWEB" i have the interfaces above: [code] If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet. I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?

View 5 Replies View Related

Cisco Application :: ACE10-6500-K9 / How Static Entry Under Sticky Performs

Jul 26, 2011

how a static entry under a "sticky" performs Configuring Static IP Address Sticky Table Entries Cisco Documentation Says When you configure a static entry, the ACE enters it into the sticky table immediately. Configuring the ACE Action on Server Failure failaction purge # The purge keyword specifies that the ACE remove the  connections to a real server  if that real server in the server farm  fails after you enter the  command. The ACE sends a reset (RST) to both  the client and the server  that failed. Cisco Documentation Says If you do not configure this command, the ACE takes no action when a server fails
 
sample config
sticky ip-netmask 255.255.255.240 address source STICKY1
timeout 180   replicate sticky   serverfarm SERVERFARM1   8 static client source 192.168.12.15 rserver SERVER1
  
Question1 - What happens if SERVER1 fails?
 
a) Does the ACE let the connections to SERVER1 timeout(default behaviour) and then load-balance new connections coming in deom 192.168.12.15 to another server in SERVERFARM1

ORb)  Does the ACE reset the connections to SERVER1  immediately and starts  load-balancing new conenction coming in from  192.168.12.15 to other  servers in SERVERFARM1 ?

ORc) Does the ACE just drop the current and new connections from 192.168.12.15 till SERVER1 comes back up ?

OR d) Is it dealt differently?
 
Question2 - Now what happens if the failed server(SERVER1) comes back up after some time?
 
e) Does the ACE reset any current connections from 192.168.1.15 and starts sending them to SERVER1 ?

ORf)  Does the ACE leave the current connections from 192.168.1.15 to other  servers in SERVERFARM1 as they are and send any new connections
from 192.168.1.15 to SERVER1?

ORg) Is it dealt differently?
 
My guess is Question1 -> a) and Question2 -> e)
 
ACE model =  ACE10-6500-K9
Version =  A2(3.3) 

View 4 Replies View Related

Cisco WAN :: Simple Static NAT Overlapping Dynamic Internal Range On 5505?

May 21, 2011

I wanted to move to the cisco arena, and having a bugger of a time figuring out simple nat/pat rules combined with access lists. I've been reading Richard Deal's Cisco ASA configuration book, googling the heck out of this simple problem and can't see what I'm missing.
 
I have an ASA 5505 unlimited security plus license running 8.2(3) and a simple network, 192.168.0.x internal, 192.168.3.x dmz (not even touching that yet!) and outside I have a /29 subnet of addresses, 25 is the gateway, and 26-30 are my addresses.
 
I have simple dynamic nat set up on the .26 address to nat to 192.168.0.x. All I'm trying to do is port forward a simple tcp port I set for my linux server (192.168.0.2) on the inside, for arguement's sake, it's 2222 (it's not really). My outside vlan 50 is X.X.X.226 255.255.255.248 , can I make a static nat (inside,outside) x.x.x.226 192.168.0.2 netmask 255.255.255.255 ?
 
I tried using (inside,outside) x.x.x.230 192.168.0.2 netmask 255.255.255.255 and that didn't work either. Is it not possible to use two external addresses to hit the entire /24 range AND a single server?
 
My access rule for this nat is permit tcp any 192.168.0.2 eq 2222 (where I'm using 2222 for my ssh port). then I apply that access list to the access group interface "outside".
 
I thought the outside interface would do a proxy arp (since I do not have the sysopt noproxyarp command) for my 227,228,229, and 230 addresses where .226 is my internal nat for all my internal machines i.e. 192.168.0.1 -> x.x.x.226 . I had this working like a charm before with my fortinet, so I know I have systems listening.

View 3 Replies View Related

Cisco Application :: Configuration Generated By Dynamic Tools For Nexus Bundle N5K-C5548UP-B-S32

Sep 26, 2011

I found this reference  DCNM-L-NXACCK9  in the configuration generated by a dynamic Tools for a nexus  bundle N5K-C5548UP-B-S32. This reference is  not reflected in the price list. Has it been replaced? no datasheet  on Cisco portal.

View 2 Replies View Related

Cisco Switching/Routing :: 1921 - Dynamic Port Forwarding With PAT

Feb 29, 2012

How can I implement this with Zone-based Firewall on my 1921?
 
I'm looking for something as simple as the port triggering function on a Linksys or Netgear router.

View 4 Replies View Related

Cisco Firewall :: ASA 5520 - Inspection Of MSSQL Dynamic Port

Jun 5, 2012

I need to allow traffic between webserver in dmz and mssql (Microsoft SQL Server 2008).MSSQL use dynamic port (now it is 63796) and this cannot be changed.
 
Basically, I can allow such traffic using next configuration:access-list dmz extended permit tcp host 1.2.3.4 host 5.6.7.8 eq 1433access-list dmz extended permit udp host 1.2.3.4 host 5.6.7.8 eq 1434 access-list dmz extended permit tcp host 1.2.3.4 host 5.6.7.8 eq 63796
 
But, I would like to add mssql inspection and I did the next:
 
class-map class_sqlnetmatch port tcp eq 1433policy-map global_policyclass inspection_default  inspect dns preset_dns_map   inspect ftp   inspect h323 h225   inspect h323 ras   inspect ip-options   inspect netbios   inspect rsh   inspect rtsp   inspect skinny    inspect esmtp   inspect sqlnet   inspect sunrpc   inspect tftp   inspect sip    inspect xdmcp class class_sqlnet  inspect sqlnet service-policy global_policy global
[Code] ..........

View 1 Replies View Related

Cisco Infrastructure :: ACE10 IOS Information Required

Mar 21, 2011

I tried to find the EOL or EOS of the IOS A2(1.6a) of our ACE10-6500-K9 module.what to do ?

View 1 Replies View Related

Cisco Switching/Routing :: Port Security Dynamic Configuration On Catalyst 3560xPOE

Oct 2, 2012

I have connected a 10BaseT device to a CISCO Catalyst 3560xPOE switch with dynamic port security.  All seems to work fine when the distance between the two devices is closer then 200ft.  When I connect to 10BaseT devices farther out near 300ft the response from the attached device is lost. It works ok on unmanaged switches at the longer distance. Is there a minimum response time from attached devices for dynamic port security to work properly?  Is there any other explanation why it would work on cheaper switches, but not on the Port Secured Switch?

View 2 Replies View Related

Cisco Firewall :: ASA 8.4 Forwarding Port Range?

Oct 30, 2012

I need to open port range 554 - 558 to a DVR on the internal network. Also, I need to NAT one of my public IP's to the DVR. How is this accomplished in 8.4? I was able to do it in an older version ASA software.

View 3 Replies View Related

Cisco WAN :: Port Range Forwarding On 1811?

Mar 23, 2006

I’m having serious issues getting Tandberg H.323 working behind this router with NAT.
 
My setup is Cisco 1811 configured with Fas0 to pull DHCP (public address). This router is being used in a mobile medical clinic VAN so the setup needs to be seamless and transparent to the users. The idea with the DHCP is anywhere they go they could pull a DHCP address and then NAT behind that address. The van visits mostly small schools in the Texas Rio Grande Valley providing medical assistance and consulting to the local community. The router has an 8 port built in switch and all ports are sitting in default VLAN 1.
 
Basic stripped down config, only relevant commands listed…
 
ip dhcp excluded-address 10.0.0.1 10.0.0.4
 
ip dhcp pool VANnet
network 10.0.0.0 255.255.255.240
default-router 10.0.0.1
dns-server 10.0.0.1(code)

Now initially I can’t even get the call to connect with just using the ports above, which I should. Also knowing there are several issues with H.323 and NAT I went ahead and added all know ports Tandberg says they use…
 
80 HTTPd *TCP
443 HTTPs TCP
1719 H323/RAS UDP
1720 H323/Q931 *TCP
2326-2373 (2837)** H323/RTP UDP
5555-55xx (5587)** H323/H.245/Q.931 TCP
 
Basically I created static NAT entries for all the ports and the ranges above. For the ranges I had to add a line for every port.
 
This didn’t and hasn’t worked yet even with some additional tweaking… Finally the question… am I going about this all wrong? Is there an arrangement of commands that will even work? How can I accomplish the port forwarding setup on a Linksys/Netgear router on a real Cisco router?

View 9 Replies View Related

Cisco Switching/Routing :: ACE10 HTTP Error Page Not Found

Dec 14, 2011

I want to load balance between two webservers using ACE10 working in bridging mode, but when putting the VIP in the url i'm getting page not found, tried many configurations but didn't work, here is the latest one
 
logging enable
logging buffered 7 
access-list ALL line 8 extended permit ip any any

[Code].....

View 4 Replies View Related

Cisco Firewall :: Port Forwarding A Range Of Ports (PIX 6.3)

Dec 5, 2012

I have a network with multiple servers behind a PIX with 6.3 on it. I have one public IP address, and I'm using NAT. I'm currently trying to port my Exchange server to a cloud host, and the vendor is requiring I open up a wide range of ports for MAPI, basically ports 1024 on. What would be the command to forward all of the trafic cominto/from that broad range? if I could simply route all trafic to and from their two IP addresses to my email server, that would accomplish the same end goal.

View 3 Replies View Related

Cisco Switching/Routing :: 881 To Do Range Port Forwarding

Jan 21, 2013

I have a Cisco 881 router in my office and I would like to do port forward for port 5060, and 10000 - 20000 to my PABX(192.168.1.61). After I did some research from internet, understand that we need to NAT by using following command to do port forward for port 5060. ip nat inside source static udp 192.168.1.61 5060 XXX.XXX.XXX.XXX(WAN IP) 5060 extendable However, now I'm facing an issue to perform port forward for a huge range of ports like 10000 to 20000.

View 9 Replies View Related

Cisco Infrastructure :: 1941 Opening Port Range For IP

Jul 1, 2011

I have a LAN with Cisco 1941 as the only router with NAT that connects it to the internet, with a single public IP. There are many gamer users, and they complain that Call of Duty Modern Warfare 2 sees our network as "strict NAT", while for full gaming experience it needs "open NAT". After a small research I have found out that CoD needs certain port ranges to be forwarded to LAN IPs. Well, I know how to forward a range of ports to a single IP, but how is it possible to forward a port range for all the IPs in the LAN?

View 1 Replies View Related

Cisco Routers :: RV220W Forwarding Port Range?

Sep 4, 2012

How can one forward a range of ports?
 
Suppose I have defined the following service:
 
Service: TEST
Port type: UDP
Starting port: 5060
Ending port: 5070
 
and I want to forward it to a specific IP. Then, if I create a new port forwarding rule for this service it asks me to specify a single port number to be used internally as:
 
Action: Always Allow
Service: TEST
Source IP: Any
Destination IP: 10.0.0.100
Internal Port: ?
 
I want to forward all ports from 5060 to 5070 to the internal range 5060 to 5070.

View 4 Replies View Related

Cisco Firewall :: How To Configure NAT Port Range On ASA 5510

May 22, 2012

i have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999

View 15 Replies View Related

Cisco Firewall :: Opening Port Range ASA5505

Mar 26, 2013

I just bought a Cisco ASA5505. I'm trying to opening a port range through CLI, but it doesn't seem to be working.
 
Background:I have an FTP Server running behind the firewall and need to allow port ranges 30000-30100 for data connections.  I have been using FTP through the command prompt and its working. However, I cannot use it through the FileZilla client as it fails to query the directories.  I have the ASA forwarding to port 1125 from 21 in passive mode.
  
Access-List:
access-list Outside_Access_In line 3 extended permit tcp any any eq ftp-data (hitcnt=0) 0xfa8ed43d
access-list Outside_Access_In line 4 extended permit tcp any any eq ftp (hitcnt=17)

[Code].....

View 14 Replies View Related

Cisco Routers :: RV 120W - Port Forwarding Range

Sep 12, 2011

I am not a tech guy but have to take care of some basic IT stuff. I had Ether fast cable/DSL router and it got changed with RV 120W router. there were comment that internet is now working slowly - what could be the reason for this?
 
I copied most of settings. First big technical problem was with phone. It stopped working - call could get through but when answered there was no sound. We use linksys modem for VoIP. I called operator and was told to disable sip alg. I did that and service improved a little. When answering a call sound could get through but would stop for few moments and then continue. Operator told me to forward port 16384 to 16482 to VoIP modem IP. But I can only set forwarding for one port at the time in "Port forwarding" settings. Is there a way to forward to port range?

View 4 Replies View Related

Cisco WAN :: 887VA NAT Port Range And Multiple Servers

May 22, 2013

I am struggling to get our 887VA setup for our config.
 
We have a public IP range from our ISP and we have multiple servers behind our router. One of the servers need large ranges of ports open so I have ended up trying to use a ‘rotary’ nat pool which works fine but I cannot get the other servers to NAT correctly on their ports. It seems the rotary takes over.
 
Here is a snip of my config.
 
interface Ethernet0no ip addressshutdown!interface ATM0no ip addressno atm ilmi-keepalive!interface ATM0.1 point-to-pointpvc 0/38  encapsulation aal5mux ppp dialer  dialer pool-member 1!!interface FastEthernet0description Private LANno ip

[Code].....

View 1 Replies View Related

Cisco Firewall :: 5505 - NAT Port Range For Sip Server

Feb 7, 2013

: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
host name cisco asa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
switch port access v lan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...

View 2 Replies View Related

Cisco Firewall :: Port Range Forwarding On Post 8.3 ASA5505

Jun 1, 2011

I have an ASA 5505 on a job. It is a smaller business that would have done better with an RV082, but they have what they have. It is running firmware 8.4. The client needed ports forwarded for their FTP server. The port range in this config is tcp 43333-43339. The FTP server ip is 192.168.1.2. [Code] ......

View 8 Replies View Related

Cisco Firewall :: 1811 NAT Port Range From Loop Back

Feb 19, 2013

I need to NAT a port range spanning from TCP and UDP 50,000 to 59,999 from inside global address 58.96.x.x on loopback2 to an inside local address of 192.168.5.5.Currently all the existing NAT translations are 1-to-1 that map inside global addresses on a wide span of Loopbacks and a Dialer Interface to inside local addresses on few subnets which are fine.I'm using an 1811 with an ADVIPSERVICESK9-M image, version 12.4(6)TS

View 1 Replies View Related

Cisco Switching/Routing :: Router 881 Range Port Forwarding

Apr 3, 2012

I have a Cisco 881 router in my office and I would like to do port forward for port 5060, and 10000 - 20000 to my PABX(192.168.1.61).After I did some research from internet, understand that we need to NAT by using following command to do port forward for port 5060.
 
ip nat inside source static udp 192.168.1.61 5060 XXX.XXX.XXX.XXX(WAN IP) 5060 extendable.However, now I'm facing an issue to perform port forward for a huge range of ports like 10000 to 20000.It is impossible to ask me add one by one?

View 3 Replies View Related

Protocols / Routing :: SIP Trunk Port Range (VOIP)

Aug 14, 2012

I've recently set up a PC-based IP PBX in our small business which uses a SIP Trunk for up to 3 simultaneous voice calls. Ports needed to operate include 5060 (SIP-UDP) and then a huge range of high-number UDP ports which I believe is for the 'media' or audio. Let's call the range UDP 49,152 to 64,512. I only know a little about the SIP protocol but my understanding is that each call will randomly use a few ports from this range across which will pass audio, Is there a need to have such a wide range of ports open? If my SIP trunk is only capable of 3 simultaneous calls then it seems only 9 or so of those open ports could get used at once. Could I not just open, say a range of 100 ports and be fine, thereby reducing the security risk?

View 4 Replies View Related

Routers / Switches :: Port Range Overlap With Remote Manage?

Jan 20, 2011

I am trying to Port Forward HTTP: 80, but my Router wont let me and it keep giving me this error message Status: Port Range Overlap with Remote Management.I have a NETGEAR CG814GCMR Router, I need to add that port for setting up a Game private server online, but my router wont let me, how to fix it?

View 12 Replies View Related

Linksys Wireless Router :: Port Range Forwarding On Cisco DPC3827 DOCSIS 3.0

Jan 26, 2013

I'm trying to make the server work for minecraft and I have the port number for the port which is 25565.I just need to know where exactly to enter this information. I also know that the protocol is supposed to be set for both tcp/udp.
 
So basically I guess my question is, where exactly do I put the port number if the one given to me was 25565?

View 2 Replies View Related

Cisco Firewall :: 3845 - Open Port Range On Secondary IPs On Router Interface

Feb 12, 2013

I have 4 public IPs on Router 3845 interface FastEthernet 0/0/1. IP as below.
 
50.200.2.2
50.200.2.3 secondary
50.200.2.4 secondary
50.200.2.5 secondary
 
I wan to allow ports 80 to 90 on 50.200.2.3 for my webserver (192.168.10.50)

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Time Range / Allow Single Port During Business Hours Only

Apr 1, 2012

I'm new to an ASA 5510 running 8.4(3) and am trying to figure out something regarding time ranges in ASDM. I simply want to allow a single port during business hours only (I'm not concerned about open sessions needing to be closed). So as an example I add a rule something like:
 
(RULE1 on the internal interface) SRC=INTERNAL DEST=ANY SERVICE=RDP ACTION=PERMIT with a time range set for weekdays 8:00-16:59. I did a test after 5pm on a weekday and was still allowed to do RDP to a server (from INTERNAL), and after using the packet trace tool saw it was still passing through due to a rule a couple lines down (rule 4) that allowed a port range that happened to include port 3389. So my question is if I specify an "allowed" time range and someone attempts access outside that time range, why doesn't it drop it right there? I guess I'm assuming that anything outside the "allowed" time range would be dropped but that doesn't seem to be the case. I'm also assuming the rule base is processed top to bottom.

View 2 Replies View Related

Cisco Application :: ACE 4710 - SSL Over Port 80

Aug 11, 2012

I've got a web app that the owners want to run over port 80, but also using SSL to secure private data in transit.  The architecture is an ACE 4710 in SSL termination mode->Apache (port 2000)->Back-End app server.
 
I've got two VIPs set up already - one on port 443 and one on 2000 - both of which do the SSL termination quite nicely, but using the 3rd VIP set up on port 80, the connection steadfastly refuses to be HTTPS (i.e. doesn't show the padlock).
 
I've done all the set-up through the web interface so far, can this be done? If so, how?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved