Cisco Application :: ACE4710 Appliance To ANM Virtual Appliance NATed
Oct 12, 2011
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
Do you know if it is possible in ACE 4710 appliance to configure a SIP TLS ?The SIP probe we have in the configuration guide it is only for clear text. for Lync 2013 we need to establish first a TLS session and then within it, send an SIP request..IS it possible in any version? I tried also to configure a HTTPS probe but it fails as it sends a GET which the Lync SIP server doesn't understand.
We have an ANM Virtual Appliance, version 5.2, were we login and can go no further. This was working for fine for approximately two and half weeks. We created a backup and re-loaded the system via CLI with the same result. We logged in again via SSH and we have noted the following:
cscoanmsa/admin# sh disk temp. space 4% used (141244 of 4951688) disk: 7% used (353916 of 5935604) Internal filesystems: warning - /var is 100% used (89219000 of 89258112) cscoanmsa/admin# sh application status ANM
Is there any way to access and clean out the /var directory from the CLI. is this achieved simply via the "delete" command with the full path ?
The upgrade process for ANM virtual appliance 4.2 involves doing a backup and restore as root user. I have looked through the documentation and have even reinstalled the virtual appliance to see if the install script gives away the root password for the OS but without luck.
currently have LMS 3.2 on a Windows server. I'd like to upgrade to 4.1 on a virtual appliance. I don't care about migrating data and would probably like to just start fresh. My question is If I were to download the 4.1 evaluation virtual appliance and also purchase the 3.2 to 4.1 upgrade license would I be able to apply that license to the evaluation?
trying to get my ducks in a row for replacing a Cisco 5510 and a Barracuda Link Balancer with a virtual pfSense appliance. This is partially due to eliminating support contract costs (nearly $3k annually between both appliance) and partially to utilize the redundancy and fault tolerance that our virtual environment can provide. I'm also implementing a colo site for replication/DR this year so doing a tunnel from site to site would make it a lot easier with like for like virtual appliance firewalls.
The VPN aspect. We are currently doing Cisco VPN with Radius auth on the back end, this is seamless to setup from an end user perspective as they just hit a URL, download/install the ANyConnect client, and log in with their credentials. Is there a comparable alternative in pfSense? I'm leaning toward IPsec but it still doesn't seem as seamless as what we currently have in the ASA.
In 2008-2010 timeframe, I used the ace 4710 appliances at one customer and kind of liked them. The deployment was not too SSL intensive and B/W requirements were low, but I configured a few HA pairs and that worked well. The configuration was pretty comparable to other Cisco devices; so easy to learn/pick-up.Fast forward to 2011: stepped into an environment, where customer purchased 3 - ACE 20 modules (before I got here), and had multiple issues with them. I found 4 documented TAC cases, and 1 was still open. I started working from December 2011 on getting Cisco to own-up WRT modules but customer by that time had had enough.
The most serious issue was a random reboot, hang or lockup. I wasn’t here to work with them to verify, but that’s eventually what the deal breaker was. Around the February 2012 timeframe, talking to Cisco SE, he revealed Cisco had an independent lab in Switzerland verify that some hardware component on the device had a terminal defect, in which a bit would flip, and force the device to lock or reboot - subject ot radioactive decay or interference.Cisco and the lab attributed this to improper shielding, coupled with defective material in the electronic component; hence the device was highly susceptible to radiation-type errors. This is the kind of stuff you read in doomsday reports! As a result, Cisco was EOL-ing the ACE-20 module. I am trying to get Cisco to replace the ACE-20 modules with something else, but they haven’t been too cooperative. They have also limited their SE/Salseperson presence where I work (Pacific Northwest); and are not too responsive.
I have gotten a verbal agreement to get a credit on prior purchases for the amount this customer spent on the ACE-20 modules. However, the credit is only a few points off their normal discounting model. And Cisco will not go into loss on new product sales. Using example, $100 product would cost me $55 with standard Cisco discounting. Cisco’s cost might be $45 so I will only get another $10 credit on this new purchase.The 3 Cisco ACE-20’s originally cost customer about $100K, so to dwindle this credit down, we would need to purchase about $1-$2 million of new hardware - that's a lot of new gear! And I don’t have any real way of knowing that Cisco is applying the credit honestly, and they won’t put anything in writing. This entire issue has really dampened customer’s impression of Cisco. They had smartnet on the ACE-20’s for 2+ years, but then dumped that after losing faith in the product. Now I am trying to resurrect smartnet to see if Cisco will give us an alternate product.
And to cap it all off, the original Cisco salesperson (who sold customer the ACE’s), has left and went to work for F5! And yes, he has been calling on customer to try to sell some big-IP's! At least there is some humor in all of this. So... Has anyone else had bad experience with ACE-20 module? How about ACE 4710? How to get a reliable working ACE module from Cisco?
My TCOM guys say they do not see the ACE as a CDP neighbor on their switches. Is CDP enabled by default? I cannot find any documentation that suggests this is configuration (like on the Cisco CSS - where it can be enabled, but cannot see its' CDP neighbors).
BTW - The ACE 4710 Appliance documentation uses CDP as acronym for Certificate Revocation List Discovery Point (for SSL CRL's).
I have a pair of ACE 4710's that I am deploying within a datacenter. The primary and secondary ACE appliances have identical configurations except for the IP addressing and priorities for FT. The FT peer is going into a TL error state.
On the primary ACE appliance, I am able to ping and telnet from/to it without any issues. All of the routing works as it should and everything is seen in the ARP table as it should. The secondary appliance is able to ping everywhere, but telnet out of or into that appliance does not work.
I am able to see the IP addresses in the arp table and can successfully ping end to end from the secondary device, just unable to telnet into or out of it. When I try to telnet out of the secondary device, it reports that there is no route, even though the IP's I am trying to telnet to are directly connected and those interfaces are up and working (otherwise ping would fail). The exact same filters (access-lists, service-policies) are configured in the exact same format and applied to the exact same interfaces.
I tried removing all of the fault tolerance configurations and just created a Layer 3 vlan interface for management and I am still unable to telnet into or out of the appliance. This is not a complicated setup and I have to think there is something obvious that I'm missing, but I'm hung up on the fact that the config's are almost identical while one works exactly as intended and the other reports no route to host for a directly connected interface.
We have several 474 and 594 class WAAS appliances in the field. When power is lost to a given location, almost all of the other devices we have at these sites will start themsleves back up upon the restoration of power. Since the 474 and 594 WAAS appliances are basically PC based devices they do not seem to have the ability to start themselves back up when power is restored. What we would like is to have a solution wherein the WAAS device powers up on its own once power is restored much like the routers, switches, servers and PBX devices at the same location.
I've got basic connectivty to our ACE30 module and when I try connecting to the management IP address (attached to the Admin context), I see a very basic GUI which only lists the CSM to ACE config conversion tool. I don't see a GUI as detailed in the document: url...How do I get the ACE Applicance Device Manager GUI working so that I can then configure real servers, serverfarms etc rather than via the GUI?Having read through copious amount of documentation I can't seem to find a refrence that would ne useful here. This should be a fairly straight forward exercise - do I need to install some other software to get the full fledged GUI working?
i have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
i am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
I would just like to double-check a point with the forum on licensing on 4710 Appliance.If with version 4.2 and above 2Gbps Bandwidth licence is required, the output of the sho license status should be?
After upgrading our Cisco MSE to 7.4, the appliance does not stay connected to the network. Once the appliance is restarted, layer 3 echoes occur for about 2 minutes and then stop. The only way to get it to respond again, is to restart the appliance. Again, after a few minutes, it stops responding. I've checked the switch, and there is no port security set up on it. I've checked ACL's, and other potential culprits to no avail. The MSE interface is set up, and the device is configured.
I'm currently trying to install the Cisco LMS 4.2 Appliance on a VMware vSphere 4.0 environment.I'm following the [URL]. I downloaded the Cisco_Prime_LAN_Management_Solution_4_2.iso and I started the server.I get this screen and I choose option 1:
I try to upgrade LMS 4.2 to LMS 4.2.1 on a soft appliance and i got this error. To upgrade from LMS 4.2 to LMS 4.2.1:
lms/admin# conf t lms/admin(config)# repository myrepo lms/admin(config-Repository)# url disk://opt lms/admin(config-Repository)# end lms/admin# application upgrade Cisco_Prime_LAN_Management_Solution_4_2_1upgrade.tar.gz myrepo Save the ADE-OS running configuration?(yes/no) [yes]? yes Generating configuration... Saved the ADE-OS running configuration to startup successfully Initiating Application Upgrade... % Local file not found lms/admin#
All users are located in the local identity store.So - assume I do not implement ACS but I do turn on password expiration after 60 or 90 days. Will a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire?Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?
A while back we were looking into upgrading our SUN/Oracle server to better service our CiscoWorks. Our vendor (partnered Cisco Vendor) told us that Cisco was developing an appliance like WCS and CNR that runs Redhat for CiscoWorks.Does any one have any info on this or could this be a rumor?
We do not run Windows devices on any of our network enterprise and this would be so cool!
Oracle is getting to be a clone of Windows..in our opinion
If this is true, I will happy to sit and wait for it.
We now run LMS 4.0 on a SUN/Oracle T2000 and it seems to be bottlenecking.
I upgraded wcs to version 7.0.172 and migrated it to new server and ip address. The upgrade was done by install wcs 7.0.172 on new server and restoring a backup. I also upgraded the location appliance from 126.96.36.199 to 188.8.131.52. The wcs can see the location appliance without a problem. The problem occurs when i try to backup the location appliance. The wcs appears to run the backup and completes with a success but i cannot find the backup file in the ftp directory. wcs backup to ftp folder is fine.is a there a way of doing a manual backup the location appliance what logs can i check to see whether the backup is taking place or not?
While running the install wizard of soft appliance LMS 4.1 it asks for hostname and also the domain during the install. Is the hostname suppose to be fully qualified domain name exp: foo.blah.com or just hostname without fqdn exp: foo? Reason why I ask is when I ran the following command below in the shell it doesn't look like it is setup correctly. Also if I did the install without my hostname in dns first will this mess up my install?
My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purpose)What's the proper migration process should deal with this? Is the NAC-3315 hardware comply with the Inline posture mode requirement?
Newly shipped cisco ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ? .
My ACS BOM details CSACS-1121-K9 ACS 1121 Appliance With 5.1 SW And Base license
This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connect to the domain.Next, click on the Test Connection button to validate joining the domain. I got success test connection. But when I click Save Changes. I got error .