Cisco Application :: ACE10 Version A2(3.6a) - Activate XML API Management?
Sep 18, 2012
We are using several contexts for each customer in our ACE module.One of the customer contexts needs to activate XML API to control their services.I've tried to activate it, but cannot get any http response, what can be missing?ACE10 version A2(3.6a)
class-map type management match-any HTTP-ALLOW_CLASS
2 match protocol http source-address 10.110.0.0 255.255.254.0
3 match protocol http source-address 10.60.208.80 255.255.255.248
class-map type management match-any HTTPS-ALLOW_CLASS
2 match protocol https source-address 10.110.0.0 255.255.254.0
3 match protocol https source-address 10.60.208.80 255.255.255.248
[code]....
View 3 Replies
ADVERTISEMENT
Oct 14, 2011
I have ACE10-6500-K9 installed in 6513 core switch with below mentioned sh version.
Software
loader: Version 12.2[121]
system: Version A2(2.0) [build 3.0(0)A2(2.0)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin
[Code].....
I want to know that can i upgrade ACE10-6500-K9 to c6ace-t1k9-mz.A5_1_0 i.e version5 ? I tried to search cisco website but could not get proper upgrade or user guide.
View 2 Replies
View Related
Feb 3, 2013
the dynamic port range server load balancing supported for MS Exchange 2010
View 1 Replies
View Related
Dec 7, 2011
It seem that ACE10 not support 12.2(33)SXJ1 IOS running on C6500. The box cannot detect the ACE module when power up. Currently the ACE10 running on system A2(30).
My challenge i have the ASA SM that compulsary to run on 12.2 (33) SXJ1 version. How to let these 2 module can running on the same C6500 box?
View 1 Replies
View Related
Aug 26, 2012
I trying configure ASN traffic load balance, but doesn't works.I have one Cisco Catalyst 6509 and onde Cisco Ace10 module, in my context "PanWEB" i have the interfaces above: [code] If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet. I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?
View 5 Replies
View Related
Jul 26, 2011
how a static entry under a "sticky" performs Configuring Static IP Address Sticky Table Entries Cisco Documentation Says When you configure a static entry, the ACE enters it into the sticky table immediately. Configuring the ACE Action on Server Failure failaction purge # The purge keyword specifies that the ACE remove the connections to a real server if that real server in the server farm fails after you enter the command. The ACE sends a reset (RST) to both the client and the server that failed. Cisco Documentation Says If you do not configure this command, the ACE takes no action when a server fails
sample config
sticky ip-netmask 255.255.255.240 address source STICKY1
timeout 180 replicate sticky serverfarm SERVERFARM1 8 static client source 192.168.12.15 rserver SERVER1
Question1 - What happens if SERVER1 fails?
a) Does the ACE let the connections to SERVER1 timeout(default behaviour) and then load-balance new connections coming in deom 192.168.12.15 to another server in SERVERFARM1
ORb) Does the ACE reset the connections to SERVER1 immediately and starts load-balancing new conenction coming in from 192.168.12.15 to other servers in SERVERFARM1 ?
ORc) Does the ACE just drop the current and new connections from 192.168.12.15 till SERVER1 comes back up ?
OR d) Is it dealt differently?
Question2 - Now what happens if the failed server(SERVER1) comes back up after some time?
e) Does the ACE reset any current connections from 192.168.1.15 and starts sending them to SERVER1 ?
ORf) Does the ACE leave the current connections from 192.168.1.15 to other servers in SERVERFARM1 as they are and send any new connections
from 192.168.1.15 to SERVER1?
ORg) Is it dealt differently?
My guess is Question1 -> a) and Question2 -> e)
ACE model = ACE10-6500-K9
Version = A2(3.3)
View 4 Replies
View Related
Apr 25, 2012
Am trying to replicate the managment interface functionality of a CSS on ACE 4710 but have problem with it being treated as a general routed interface.
Scenario
On ACE 4710 I have a front-end interface for client facing VIPS and a back-end interface facing a server farm, taking care of load balancing flows
Non load-balance system traffic for the back-end servers also flows through these two ACE interfaces, following a default route path (the back-ends use the ACE as default gateway) i.e. dns requests from the servers flow through the ACE egressing the front-end interface to hit a firewall and route to an internal dns server.
Issue
If I add a "management interface" to the ACE 4710 and give it an IP address for management access, the interface by default assumes 'routed' mode and as the ACE treats this as a general interface it will route traffic out of it. For example if the IP address of this management interface is on the same network as the internal dns server, it breaks that connectivity. This as the ACE will see the "management" interface as best route to directly connected network and send traffic to dns server over that, however dns server response traffic will follow its defult route path via firewall and ACE front-end interface to get reply to back-end server. The firewall will block this traffic as traffic is asymmetrically routed and firewall not seen the initial dns request packet.
Question
Is there a way of making an ACE interface a 'non routed' management only interface for out of band management use? That is ACE will not attempt to route general traffic through the interface
I realise I could achieve this with multiple contexts but want to have a single context for various reasons - i.e. to have a kind of like for like CSS replacement using ACE 4710
View 3 Replies
View Related
Jun 11, 2012
I am new to the ACE30. I a basic configuration from the CLI and I am trying to use the device manger. I am able to get to the web informational page rather then accessing the login page. I have rest the password for both the admin and www and still no go. my question is how to go into enabling the GUI access.
View 1 Replies
View Related
Nov 16, 2011
I would want to create an inband management (in case of we are a issue on OOB mgmt, i means to have a 2960 HS) on Nx7010 chassis without M1 card (only F1 cards - layer 2). I could create a interfce vlan but the status of the interface is down/down.
I have an other 2 x Nx7010 pair with M1 card ; for this pair, i can connect the interface ; the inband interfaces is up/up.I have also 2 x Nx5596 pair ; for these boxes, i can connect the interface ; the inband interfaces is up/up.Do you know a solution to get 1 interface vlan up/up on chassis 7010 without M1 card in order to have an inband connexion ?
View 2 Replies
View Related
Sep 9, 2012
We've got pairs of ACE30s in our data centers set up with active/standby FT. Some time yesterday the active ACE in one data center started refusing management traffic - it accepts SSH connections but fails authentication (local password, no RADIUS/TACACS is configured); and ANM reports it as down (no XML connectivity),We haven't opened a TAC case yet - someone's on his way over to see whether we can get in through the serial port first - but I'm wondering whether there are any other diagnostics we can gather (will resetting the module form the Sup force a coredump?) before we do.
View 2 Replies
View Related
Jan 21, 2012
I have an HA ACE deployment and all seemed to be working well until I tried to access the ACE via the management VLAN in the one non-system context, no go.The ACE is in one-armed mode with an Admin/System context and one user context (named Messaging). Source NAT has been set up in the user context. All VLANs are in a port channel back to the core switches.I can access the ACE via the Management VLAN in the system context, all OK. I can access the load-balanced servers via the VIP in the user/Messaging context, all OK. I CANNOT acccess the managment VLAN other than ping it (resonds to ping, but telnet, ssh, https, etc. fails).The system/Admin context has a default route to the Management VLAN on the core. The User/Messaging context has a default route to the core switches on VLAN 5, which is the VLAN where the VIP resides.If I change the default route in the User/Messaging context to the Management interface on the core switches then I can access both contexts for management, but then the load-balancing falls over and I cannot access the serverfarm (via the VIP). Traces on the rservers show that NAT is being hit on the ACE and the requests are coming from the real IP of the clients. Put the default route back to the User/Messaging VLAN on the core and NAT is back to what it would be expected to be, and then remote/management access to the ACE is gone.
ACE02/Admin# sh run
Generating configuration....
logging enable
logging standby
logging timestamp
logging buffered 4
logging device-id context-name
[code]....
View 1 Replies
View Related
Jun 25, 2012
I am looking at management (backup of the configuration) of the ACE 4710 running A4.1, the management software is Cisco Cirrus. The question I have is around the management of the context's, I have a backup of the Admin but would like the user context's also, how this is completed.
View 3 Replies
View Related
Dec 18, 2011
I have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any
probe http Test_HTTP_1 port 80 interval 60 passdetect interval 30 passdetect count 2 request method head url /index.html expect status 200 200 open 1
rserver redirect URL_Redirect_01 webhost-redirection [URL] 302 inservicerserver host S1 ip address 10.0.0.2
inservicerserver host S2 ip address 10.0.0.3
[code]....
it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?
View 8 Replies
View Related
May 17, 2011
My setup is :
Source--- Router 1 ( ip 1.1.1.1) --ACE---router---cloud---customer---router--destination( ip 99.99.99.99).
Traceroute from client to destination shows the following:
traceroute 99.99.99.99
traceroute to 99.99.99.99 (99.99.99.99), 30 hops max, 40 byte packets
1 1.1.1.1 (1.1.1.1) 1.10 ms 1.78 ms
2 99.99.99.99 (99.99.99.99) 1.01 ms 1.97 ms 2.511 ms
3 99.99.99.99 (99.99.99.99) 2.01 ms * 99.99.99.99 (99.99.99.99) 2.330 ms
[code]....
So on this, the destination is 99.99.99.99.The first hop is the default gateway, which is 1.1.1.1.After that, the next step is the Cisco ACE.After that there are several hops to the destination.Looks like for some reason the Cisco ACE is not recording his ip.( For any destination traceroute result is the saame.ICMP is allowed in the access list and also ther is ICMP inspect in my config. access-list ICMP line 10 extended permit icmp any
class-map type management match-any abc
201 match protocol ssh source-address X.X.0.0 x.x.0.0
class-map match-all ICMP_allow
2 match access-list ICMP
[code]....
Version running on ACE is Version A2(3.3)
View 1 Replies
View Related
May 17, 2012
ACE version A2(3.6) is no longer available on CCO. Replaced by A2(3.6a).
1. Is version A2(3.6) a problematic version? If so, suggestion is to implement A2(3.6a) or revert to version A2(3.5)?
2. If ACE version A2(3.6) is OK, on ANM version 5.2, will this support this ACE version? It is not listed in SDT for ANM 5.2, just need confirmation.
View 2 Replies
View Related
Mar 18, 2012
I see several code versions that seem to support on ACE30.Is A2.3.4 Or A2(3.5) that latest version for ACE20-MOD-9?Will the version 4 or 5 run on ACE20?I currently user A2(3).
View 3 Replies
View Related
Sep 18, 2011
I am installing the Demo version of ANM 4.3 on a virtual machine.The install was successful, however when i try to import the demo licence from my laptop to the server it does not allow me to tftp the file to the server.[URL]
View 1 Replies
View Related
Feb 5, 2012
disable telnet for ACS 1120 Appliance version 5.0.0.21 .is there anway to do it , not able to login via telnet and ssh it says wrong credentials but webgui is working fine with same user and password.
View 1 Replies
View Related
Jun 28, 2011
I have a CAS array for Exchange 2010 configured to loadbalance on my Cisco ACE 47XX. My question is: Can I run a mixed VMware cluster version 3.5 and 4.1 on my ACE? I am experiencing is dropped RPC connections and I was wondering if that could be the cause of it or maybe I am misconfigured something on the ACE
Another question:Should I seperate the two cluster versions on their own serverfarm and than loadbalance the farms? What I mean is serverfarm 3.5 and serverfarm 4.1 and than loadbalance them.
View 3 Replies
View Related
Oct 26, 2011
I´m Trying to synchronize the clock with NTP server external, these ntp server only support NTP version 3.Can I change the NTP version in the ACE4710 Appliance to support the ntp server external?If is possible, How I can change it ?
This is the version:
Cisco Application Control Software (ACSW)
TAC support: [URL]
Copyright (c) 1985-2011 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
[code]....
View 1 Replies
View Related
Mar 21, 2011
I tried to find the EOL or EOS of the IOS A2(1.6a) of our ACE10-6500-K9 module.what to do ?
View 1 Replies
View Related
Sep 14, 2009
McAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
View 9 Replies
View Related
Dec 14, 2011
I want to load balance between two webservers using ACE10 working in bridging mode, but when putting the VIP in the url i'm getting page not found, tried many configurations but didn't work, here is the latest one
logging enable
logging buffered 7
access-list ALL line 8 extended permit ip any any
[Code].....
View 4 Replies
View Related
Jan 16, 2012
Can we use ACS 4.1 version recovery disc on 4.2 verison to recover the forgotten password.
View 1 Replies
View Related
Mar 11, 2013
which version of prime infrastructure supports wlc5508 version 7.4
View 2 Replies
View Related
Apr 3, 2012
provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM
View 10 Replies
View Related
May 10, 2011
i am using Cisco ASA 5510 with ASA Version 8.0(4) and memory 256MB. me to Upgrade it to 8.3
View 6 Replies
View Related
Aug 7, 2012
i have loaded a temporary 4 weeks license on a Cisco 887 router running 15 software.The license appears under temporary licenses, but the enable license is grayed out, so the sslvpn configuration section is unavailable.
View 1 Replies
View Related
Jul 10, 2011
I purchased Product # FL-WEBVPN-10-K9=
What i got was a price of paper paying gratitude for purchasing a license and a CDROM with a video on Electrostatic discharge and copies of the user agreement in several languages. How do i actually activate and use this license? The router is already setup for the SSL vpn. It just doesn't connect. I am assuming it is because i have no license installed?
View 1 Replies
View Related
Jul 26, 2012
I have a new asr9010 that I want to upgrade from 4.2.0 to 4.2.1 sofware. When i try to run the "install activate isk0:asr9k-mini-p-4.2.1 sync" it fails and complains that the 2 files below or equivalent must be active.
iosxr-infra V4.2.0
iosxr-fwding-4.2.0
When do a show version i can see files are loaded and on the asr9010. Attached is a show tech
View 2 Replies
View Related
Jul 1, 2012
We bought a CISCO1941 K9 router. To enabled IPSec feature, I need the PAK to active IPSec on 1941. Where I can buy a valid PAK? Could it be done via on-line support?
View 5 Replies
View Related
May 19, 2011
Sometimes I need to administer the server, but always need to VPN. Can RDP be active while a separate VPN is active?
View 3 Replies
View Related
Jun 27, 2011
A while back my faithful old IBM ThinkPad became very slow under the weight of too many applications and updates so I replaced it. Now I have decided I would like to revive it mainly as a games machine for my young grandson, so I wiped everything off it and reinstalled Windows XP Home Editon (it previously had XP Pro). It used to access the net via a wireless LAN card (IEEE802.11b/g) and this worked fine. I am now having difficulty reinstalling this device. I thought XP would just pick it up but it doesn't. I tried downloading a driver onto a memory stick using my new laptop but that doesn't work either.
View 8 Replies
View Related