On my ACE4710s I'm using least-loaded predictors monitoring Microsoft Windows CPU usage. There are times when the MS Windows CPU OIDs can change between reboots. Any way for the ACE to automatically adjust to the new CPU OIDs and continue to get accurate CPU usage values?
View 1 RepliesI have a problem, recently I can not telnet to the ACE 4710, the ACE version is A4(2.0). I can enter by web and console but not for telnet. I try to give more resource to the admin context but it doesnt work.
View 1 Replies View RelatedI have to load balance traffic between 2 servers sitting behind the LB. The webservices are on HTTPS/8443. I followed the end to end configuration guide for SSL. No success.
Here is my configuration -
rserver host nms1
ip address 10.29.36.31
conn-limit max 4000000 min 4000000
[Code].....
We have a rather strange issue, and I'm not sure it's really a problem with the ACE or not. We created an HTTP parameter map called "TCPreuse" and applied it to a virtual server. A show conn detail displays "[ conn in reuse pool : FALSE]" for all connections pertaining to this virtual server. The rserver in question is Linux(Ubuntu) + Apache.Next we applied the HTTP parameter map to another virtual server - this time IIS7 + Windows Server 2008. There are plenty of entries "[ conn in reuse pool : TRUE ]" when I do a "show conn detail".What could the web servers be doing differently that would cause the connection reuse to work on one virtual server and not the other?
View 1 Replies View RelatedI need to upgrade 2 active-standby cisco ACE4710, the issue is I cannot access FTP/TFTP/SFTP server via Admin context but can be accessible via other contexts.
Can I copy the ACE system software file from FTP/SFTP/TFTP server to image: directory durectly or need some other way around ? I could see the option is available to copy ftp: to image: via other context.
My customer they do not want change their real server IPs. So I need setup one interace (one armed) for them on ACE4710. Who had this sample configuration? (CSS has this but it seems to be not compitable with ACE)
View 4 Replies View RelatedI am attempting to configure an ACE4710 to perform SSL end-to-end confguration. i.e. SSL termination - load balance - SSL initiate to backend server.The configuration appears to work fine in a test lab using any old web server, however when I peform the same configuration in the production environment it does not work. It appeatrs from a capture run on the ace that the ace is reseting the tcp connections after communicating with the back end server. The main difference I can think of in this environment is that the cert and key pair the ace is using where exported from the backend server, i.e. both the ace and the backend server have the same certificates and keys. Is this allowed? how to troubleshoot why the ace resets the connection.
View 6 Replies View RelatedI have 2 ACE4710 in HA enviroment, they receive connection from Internet. What I need to configure is following:
The ACE have configured two URL, with the same port and VIP Address, for example:
URL-1: www.xxxxx.com
URL-2: www.xxxxx.com/Admin
VIP Address: 10.10.10.10
Port: 8443
All clients point to unique VIP and Port configured, I need to know if I can apply any filter or rule that allows me to distinguish when a customer goes to the URL1 or URL2.If any client try to access to URL-2, your traffic must be deny.In summary, from Internet I should be able to go only to URL-1.
I have to deploy the Cisco GSS in our 2 dataceters globally seprate IP ranges to loadbalance the exchange 2010 environment with Cisco ACE 4710 series SLBs. The scenario is to deploy one GSS + ACE on each datacenters and our nameserver will point to both GSS's IP addresses to get through. Incase primary site "site A" goes down name server will point the client's request to "site B".
What will be the physical setup of the GSS here and what configuration should on SLB ACE will make it work? Do GSS and ACE need to be in the same vlan? is this necessary to use Both interface of the GSS to get things working? How the GSS will check the health check on ACE if they both are on different vlans/ip range? Our ACE will be in routed mode do we need to assign the Real server default gateway as ACE inside interface with the server farm or just do the SNAT of the client IPs so the request can come back to ACE?
I have HA configuration for two ACE4710. FT between Ace's is configured as L2 (V LAN). Active ACE is sending heartbeats, but switch shows lot of 'input errors' on ingress and this is a major problem. FT is logically not working (there is no connection between these two Ace's over V LAN). There is only L2 configuration, with speed and duplex auto, no other special configuration. When I connect Ace's directly, FT is working without problem.
I can see lot of errors on input direction (from ACE) to switch port, that means, L1, or L2 problem, but direct connection (using the same Ethernet cable) is working. I tried 'shut/no shut' on both sides, set duplex/speed,... without success.
ACA IOS version is A4(1.x).
Do you know if it is possible in ACE 4710 appliance to configure a SIP TLS ?The SIP probe we have in the configuration guide it is only for clear text. for Lync 2013 we need to establish first a TLS session and then within it, send an SIP request..IS it possible in any version? I tried also to configure a HTTPS probe but it fails as it sends a GET which the Lync SIP server doesn't understand.
View 1 Replies View RelatedACE 4710 deployment model. We'll be doing an eval later in the year, but I'm just looking to understand the architecture.We have a stack of 3750 switches with a single VLAN (10.1.1.0/24). Connected to that stack is a pair of web servers (10.1.1.5 and 6) that we want to provide load balancing/failover for. Some of the clients are located right there on that same VLAN. Other clients may be coming from other spots in the infrastructure.It sounds like I could put a pair of 4710s connected to that stack of switches, in a single arm deployment? And then the virtual IP and the real servers would all be 10.1.1.0/24. Maybe use an etherchanel to connect each 4710 to two 3750s?
View 9 Replies View RelatedI'm implementing and found out some issues are unresolvable on ACE4710. This network have been running on a server without LB. Now the second server comes up. We choosed to implement with Routed Mode.This network Peak @ 300Mbps. Now on we're doing the first context which is function as content web-farm. In near future, 2nd context which takes care of indexing web-farm when they buy more server.
From following diagrams.I browsed from internet into this service. "show service-policy" shown as '0' (counter was not running). I guessed that there is something wrong in FW configuration. So I isolated out FW. Then I plugged-in my PC into network 30 (192.168.30.X) in front of this LB, then browsed into LB's VIP (192.168.30.1). LB "show service-policy" came up BUT there is nothing return to my PC (client). "show conn" on LB as "SYNSEEN". What's SYNSEEN?! Some meaningful.
Then I tried to figure out with a PC running 'apache' and took the place of real server. "It works!" returned from LB/Server. "show conn" became 'Establish' Programmer guy said if I browse into web-farm (i.e. content web-farm) directly pkt will be redirected to indexing server. But they said it will be L7 redirection. Not LB/Network level.
We recently configured a setup to loadbalance 2 application server using ACE4710. Initially the configuration was to link two app servers directly to ACE4710 without connecting to a Switch, but later, it was advised that ACE4710 is not able to work without connecting to a switch.
1. ACE4710 is not able to link directly to APP/WEB server, but it must go through a network Switch.
2. If item-1 above is true. We used to have a older Cisco Loadbalancer which is able to link directly to WEB/APP servers. What is the reason or advantage of removing this feature?
one of our 2 ACE boxes in FT group suddenly reboot-ed from active state and now it continuously reboots with the following error:
insmod: error inserting '/isan/bin/klm_octeon_device.klm': -1 No such deviceerror inserting /isan/bin/klm_octeon_device.klmDaughter Card Not Found. Rebooting..INIT: Sending all processes the TERM signal...
We have a CSS11503 that is currently being used to accept incoming HTTPS and SSH connections on a specific VIP and then PAT those client connections. I understand that it also PATs the server initiated connections. [code]
View 1 Replies View RelatedFor server load balancing, does the ACE4710 support custom protocols? We'll be using HTTP for server health monitoring, and to determine if a server is up or down. But the client/server application is custom, and includes a lot of non-standard ports. Can the server VIP handle generic TCP connections? For example client1 connects to the VIP on http, but then later client1 switches to using tcp842 (a custom protocol, not http).
View 5 Replies View RelatedI have a ACE4710 setup to load balance a couple of web servers. The real servers all show as inservice as do the propbes and serverfarms/virtual servers. If I ping the Virtuual server ip address I get a reply but it I try to access VIP via telnet or web browser. I get a connection could not be open error on the client.The question is how do i determine where the error is comming from so far I can not tell if the client is getting through the acl or not.I have used the trouble shooting guide and nothing has worked to determine the cause so far. show service-policy int479 detail does not show an increase in the hit count when I try to connect.show stats conn does not show an increase in failed or timed out connections when i try to connect. [code]
View 3 Replies View RelatedMy customer wants each ACE4710 (of a highly available cluster) to have its own, dedicated port for management purposes.
According to documentation, IP addressing can be applied to VLAN interfaces, so in order to satisfy the requirement, I should make one port belong to an "access VLAN X", and then apply IP addressing to the corresponding "interface VLAN X". This should satisfy my customer´s requirement in an indirect way.
But... ¿ Can´t I just configure IP address on one of the 4 ethernet ports in order to save the work of building the aforementioned VLAN? I am asking this since I do not have access to a real box in order to verify.
I have 2 Cat 6509-E switches in VSS configuration with 2 ACE modules. One in each Cat6k.
The ACE modules are running the following:
Software
loader: Version 12.2[120]
system: Version A2(3.2a) [build 3.0(0)A2(3.2a)]
We have only 2 contexts, the Admin and another one that we redirect traffic to WAAS equipment. The ANM soft running is only used for stats about the ACEs. It is version 5.2.
Since last week, the standby ACE module reboots on it own. It rebooted between 10 and 15 times until we had to leave the module PwrDown due to the constant reboots.
I tried to find any bug in the soft but I could not find anything related to that.
I was trying to implement stickiness based on cookie. Server inserts a cookie and sends it to the browser. I learned from app team that this cookie is changing dynamically during the session, so stickiness based on server’s cookie doesn’t work.
Now I want to investigate into possibility of ACE to insert a cookie. My question is: ACE feature of “cookie insert”: does it add additional cookie into http header without removing server cookies or it deletes the cookie(s) that server put into http header and replaces them with its own cookie?
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
I've got an issue with a CSS 11501 where, if *any* change is made to a global keepalive (active), the device reboots. The code is 08.10.2.05. I'm unable to search the TAC archive or I would've gone there first.
View 2 Replies View RelatedIn my organization we are having 12, LMS 3.2 servers deployed across the globe. As per Audit policy we need to deploy Microsoft win2003 server security patches on all servers using WSUS. Every month our server team sends us query before applying the patches regarding it's compatibility with LMS.
View 4 Replies View RelatedHow to be able to get AP1252AG-E-K9 running against Microsoft Windows Server 2008 R2 IAS.I am getting these errors:
RADIUS/DECODE: convert VSA string; FAIL
RADIUS/DECODE: cisco VSA type 1; FAILRADIUS/DECODE: VSA; FAILRADIUS/DECODE: decoder; FAIL
RADIUS/DECODE: attribute Vendor-Specific; FAIL
RADIUS/DECODE: parse response op decode; FAILRADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
My ISP is Cox communications in Tucson, AZ.I was subscribed to their basic ("essential") internet speed tier and was getting about 3.68mbs DL and .78mbs UL.I recently upgraded my service to their "prefered" speed tier which is supposed to be up to 18mbs DL speed. I am now getting about 2.85mbs DL and 4.88mbs UL. I have had two techs out who have completely replaced the drop from the outside pole across the street, installed brand new coax all the way to the modem. The modem is brand new (cisco eMTA) Yesterday, after spending 3 hours trying to resolve the issue, the tech connected his own lap top to my modem and was recieving around 25mbs download. It seems the problem must lie in my computer somewhere, but they weren't even sure what it might be.
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft� Windows Vista� Home Premium , Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 Processor 4000+, x64 Family 15 Model 95 Stepping 3
Processor Count: 1
RAM: 1918 Mb
Graphics Card: NVIDIA GeForce 6100 nForce 405, 128 Mb
Hard Drives: C: Total - 227553 MB, Free - 155007 MB; D: Total - 10919 MB, Free - 4617 MB;
Motherboard: Gateway, MCP61SM2MA, FAB1.0, WYSV80903004
Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled
I have a server computer running Windows Server 2008 R2 Standard operating system with 4 client computers connected to the network running Windows 7 Professional operating system. All worked great yesterday. This morning, one of the client computers encountered this error:
An error occurred while reconnecting F: to \SERVERData
Microsoft Windows Network: The user name could not be found.This connection has not been restored.No updates or changes have occured between yesterday and today and the three other client computers have no similar problems.Just this one client has the error.
if I am XP and online, if I restart into Win7, I have to power cycle my modem before I can go online. If I then restart any number of times into Win7, there is no connections problem. If I then restart into XP, then I have to power cycle the modem again. If I then restart any number of times into XP, then there is no problem. If I then restart into Win7, then I have to power cycle the modem.
View 1 Replies View RelatedI have just moved homes and I am unable to connect wirelessly to the internet through the network in my new house. The computer is connected to the network with excellent signal strength but access shows as local only and will not connect to the internet.
All other computers have been able to connect to the internet with no problems, and my computer will connect to other wifi connections, no problem.I can connect with a wire directly to the router, but no luck with wifi. I have also had this problem with one previous wifi network. I have tried many things, including taking the compter to a computer shop for them to look at and having another professional look at it, but so far no luck.
Tech Support Guy System Info Utility version 1.0.0.1 OS Version: Microsoft� Windows Vista� Home Premium , 32 bit Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz, x64 Family 6 Model 15 Stepping 13 Processor Count: 2 RAM: 2037 Mb Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb Hard Drives: C: Total - 102720 MB, Free - 27457 MB; D: Total - 11750 MB, Free - 1681 MB; Motherboard: Hewlett-Packard, 30D9, 83.21, CND8173S5Q Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled
Can we integrate cisco acs verison 5.x with active directory Microsoft windows server 2012 ?
View 1 Replies View RelatedI could not able to download a 1.5 GB of file size.Its getting interrupted while 30 mb or so ...I have tried in wireless connectivity & even wired internet connectivity as well.I dont understand wether the problem with IE or with internet connection provider or my IT administrators restricted the download functionalities for my user name ?
View 1 Replies View Relatedwe use ACE30 module, ver. A4(1.0) for access to intranet application. The https connection from client is terminated on ACE module, LB algorithm is used and new SSL connection is initiated to the server. Standard operation works without problems.
But when user generates a .xls od .pdf report in the application, it should open in a new popup window. Problem is, that it does not (but on the server, the report is generated and stored). The PC and browser are configured fine, when accessing the application from the same PC directly (bypassing the ACE module), the popup window appears.
We have two separate external connections, one behind a pix one behind an asa, clients behind either of these firewalls cannot get to skydrive.live.com - the page title loads but then thats it!im debugging behind the pix becuase there is less traffic and ive pulled this from syslog so far-have been googling but not sure if this syslog data is normal or not really
View 9 Replies View Related