Cisco Application :: ASR1002 / ESP2 / Getting Error Log When Change Redirect ACL Entries

Aug 7, 2011

I've configured WCCP2 on my ASR1002/ESP2 and works fine. But got error log since I changed redirect ACL entries. Check on Cisco seems it a known bug?[URL] And seems any change on WCCP not take affected anymore. Even I removed all WCCP configure on my router, but my cache engine still got the redirected packet!?
Aug  8 22:41:00 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:  Batch type 6 ID 0  download to CPP failed
Aug  8 22:41:30 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:  Batch type 6 ID 0  download to CPP failed
Aug  8 22:42:00 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:  Batch type 6 ID 0  download to CPP failed
Aug  8 22:42:30 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:  Batch type 6 ID 0  download to CPP failed


View 1 Replies


Cisco WAN :: ASR1002 Dynamic NAT Entries Are Not Released

May 31, 2012

we are using an ASR 1002 for dynamic NAT (with route maps). I do have a Problem with the usage of the NAT pool it self.The total NAT Translations for the pool are:

#sh ip nat stat
[Id: 1] route-map natted-host-01 pool nat-pool-01 refcount 136
pool nat-pool-01: netmask
start XX.XX.202.0 end XX.XX.203.255
type generic, total addresses 512, allocated 88 (17%), missee 0
If i now look into the NAT translation Table i do get less entries:
#sh ip nat translations filter map-id dynamic 1 total Total number of translations: 43
Only a deeper look into the QFP gives here the right values:
# sh platform hardware qfp active feature nat data The ouput count matches the values I get if i isue a sh ip nat stat
My question is how is it handled internally.
We do have a problem too, with raising usage of the pool over the time.Once allocated Pool entries are not released after a period of time. And no NAT translation occur for that used IP NAT pool Addresses.
The timer on the device are set:
ip nat translation timeout 300
ip nat translation tcp-timeout 900
ip nat translation pptp-timeout 900
ip nat translation udp-timeout 120
ip nat translation routemap-entry-timeout 900
ip nat translation max-entries 750000

View 1 Replies View Related

Cisco WAN :: Error During Boot IOS On ASR1002?

Dec 27, 2011

During the boot ios we found the error messages below. How can i clear this messages?
Missing or illegal ip address for variable DEFAULT_GATEWAY Using midplane macaddr
Missing or illegal ip address for variable IP_ADDRESS
Missing or illegal ip address for variable IP_SUBNET_MASK

View 2 Replies View Related

Cisco Application :: No Sticky Database Entries Seen With End-To-End SSL And Cookie With ACE30s

Sep 10, 2012

We've got ACE30s (active/standby) running A5(1.2), and a context that's front-ending one of our major applications, doing SSL termination on the client side and SSL initiation on the back side:
parameter-map type ssl FrontEndSSL-Param
  rehandshake enabled
parameter-map type ssl BackendSSL-param
  authentication-failure ignore

View 4 Replies View Related

Cisco Application :: ACE 4710 Shows Over Weeks Dramatically Increasing Sticky Entries

Jan 24, 2013

I have a strange effect at my ACE 4710. I loadbalances normally reliable only 14 WEB-Services.
It's running on SW A3.25. Since several weeks I regognized a dramatical increase of Sticky entries. So when running in limitations (the stolen for reuse counter increased then) (show np 1 me-stats "-slb -v") gave more and more resources for sticky ... last it was at 65% and ran again into limits at round 650500 Sticky entries.
So I began to find out what of the services was affected with most sticky database entries and could Identify it. There were really to see round about640000 entries for that specific service.
The sticky for that service was defined to look at a specific cookie in the http header and the timeout defined is 120 minutes.
So round about 45000 Entries was to see with a "show sticky databse group Cookie_Sticky"  with a time-to-expire value of   zero   in the database like the follwing examüple shows:
timeout      : 120           timeout-activeconns : FALSE  sticky-entry          rserver-instance                 time-to-expire flags  ---------------------+--------------------------------+--------------+-------+  13765297814690832647 


When I modified my Sticky definition  with the command "timeout activeconns"   all the Zero-Entries were kicked out and the rsources used for Stickywent back to 5% of usage...

View 1 Replies View Related

Cisco Application :: Configuring URL Redirect On ACE 30 Version A4 (1.0)?

Dec 18, 2011

I have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of  a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any
probe http Test_HTTP_1  port 80  interval 60  passdetect interval 30  passdetect count 2  request method head url /index.html  expect status 200 200  open 1
rserver redirect URL_Redirect_01  webhost-redirection [URL] 302  inservicerserver host S1  ip address
inservicerserver host S2  ip address

it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?

View 8 Replies View Related

Cisco Application :: CSS11501 Redirect Preserving URI

Oct 19, 2011

I have a application where I have to redirect a specific URL to another. The point is that the primary URL, have some information that I want to preserv after redirection, for example: url...
The default CSS11501 behavior is to redirect the primary URL to Just that.

View 1 Replies View Related

Cisco Application :: ACE 4710 With HTTPS Redirect

Sep 20, 2011

i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)

View 3 Replies View Related

Cisco Application :: CSS Or ACE 4710 Redirect HTTPS To Http

Feb 27, 2012

For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url...  traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?

View 7 Replies View Related

Cisco Application :: ACE 4710 - Redirect HTTP To HTTPS?

Jun 21, 2012

I am trying to make a redirect from http to https. the goal is whenever a user writes in it should be redirected to I am just haveing some trouble making it work.

View 4 Replies View Related

Cisco Application :: ACE 4700 Redirect HTTP To HTTPS?

Feb 6, 2013

How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.

View 7 Replies View Related

Port Redirect With Default Ports On Application?

Apr 26, 2012

I'm running several game and file servers via a dynamic IP, which I unfortunately cannot change to a static connection for several reasons. I've solved this by using No-IP, which is a Dynamic IP resolution service. This solved the first part of my problem - I can give people IP's for their websites, such as and so forth, but they all HAVE to append their ports to the url - i.e.

My main problem right now is the game servers - I'm hosting games that default host to 25565, and though I can change the ports the server hosts from, I must give those who want to connect the ports at the end of their urls, i.e.

I know DNS is essentially agnostic when it comes to ports, so no solution there. And I don't think the game (Minecraft vis-a-vis bukkit) supports SRV records, and even if they did, I'd have no idea how to configure them. How can I resolve static urls redirecting to a dynamic IP by pointing them to ports?

To simplify the question -

How can I make resolve to port 25566, and resolve to port 25567 when the default port is set to 25565?

View 1 Replies View Related

Cisco Switching/Routing :: 6509 / Mac Address Error Message No Entries Present

Dec 6, 2012

I am receiving this error after connecting a copper adapter on a GBIC blade in a 6509. Here are the results from the show Interface.  I am waiting to confirm the device on the other side settings but as far as I see I get UP and Up for protocol and line respectively.
GigabitEthernet2/11 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 0009.11e4.f3ce (bia 0009.11e4.f3ce)
Description: RCPBSDEV
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set


View 3 Replies View Related

Cisco Application :: ACE 4710 / Redirect All Connections From Port 443 To 9443?

Sep 13, 2012

I must  redirect all connections from port 443 to 9443.
this is configered and running:            
serverfarm host FARM-002
  probe test-xml
  rserver svx-xmlfw-lb-01 9443
    backup-rserver svx-xmlfw-lb-02 9443
  rserver svx-xmlfw-lb-02 9443

I have in the moment following problem. All connections become redirectet to port 9443 but port 8080 shouldn`t be redirectet to port 9443. What can i change in my config to solve this problem?

View 6 Replies View Related

Cisco WAN :: 2800 / Error Opening Flash - Config-backup-1 (No More Root Directory Entries Available)

Oct 7, 2012

I have Cisco 2800 series router.  When I am trying to write memory getting error message  " Error opening flash:config-backup-1 (No more root directory entries available)" When there is simultaneous access to a router's NVRAM, we might encounter these errors. In order to clear the line the other user(s) is (are) connected on and free the NVRAM, issue the clear line command. But still getting the same error message.

View 1 Replies View Related

Cisco Application :: Apply Policy Only On Specific Subnet / Port 443 Traffic Can Be Redirect And Rest

Feb 16, 2012

I am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.

View 8 Replies View Related

Cisco Application :: 11500 / Redirect SSL From Base Site To Different Page On Same SSL Site

Aug 24, 2011

I'm attempting to redirect SSL from the base site to a different page on the same SSL site.  I want to redirect* to[URL] .  If I enter[URL], site loads, but if I enter simply, it times out.  The ssl_sharepoint service is my ssl_proxy_list. 

  content Sharepoint_https
    flow-timeout-multiplier 10
    sticky-inact-timeout 35
    vip address
    application ssl


View 5 Replies View Related

Cisco Application :: ACE 4710 FT IP Address Change

Aug 22, 2011

Any document that details the steps to change the FT ip addresses of a pair of Cisco  4710 whilst they are running in a production environment without causing an outage?

Would the steps be:
On the secondary unit:
hbs-syd04-lb01ft interface vlan 417 ip address peer ip address

Then on the primary unit:
hbs-syd04-lb01ft interface vlan 417 ip address peer ip address

Or Vice Versa?

View 1 Replies View Related

Cisco Application Networking :: Change Host Name In CSS11500 Series

Jun 6, 2011

How to change host name in CSS11500 Series. I cannot find any documentation for that matter.Is there any impact in the system to change the host name?

View 3 Replies View Related

Cisco Application :: ACE 4710 - Cannot Upgrade / Getting Error

Apr 29, 2013

Upgrading a 4710. This is a brand new ACE out of the box and I have tried to upgrade a couple of times but get the same error... Here are the details:
switch/Admin# copy image: Enter the destination file name[]? [c4710ace-t1k9-mz.A5_2_2.bin]
File already exists, do you want to overwrite?[y/n]: [y] y Enter username[]? ace Enter the file transfer mode[bin/ascii]: [bin]
Enable Passive mode[Yes/No]: [Yes]
Passive mode on.EXT3-fs error (device hdb2): ext3_new_block:
Hash mark prinAllocating block in system zone - block = 163843ting on (1024 by
Aborting journal on device hdb2.
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
[ code]......
And it keeps going on with this message. I also tried tftp and I get the same thing:
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6147
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6148
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6149

View 7 Replies View Related

Cisco Application :: Change Version In ACE 4710 To Support NTP Server External?

Oct 26, 2011

I´m Trying to synchronize the clock with NTP server external, these ntp server only support NTP version 3.Can I change the NTP version in the ACE4710 Appliance to support the ntp server external?If is possible, How I can change it ?
 This is the version:
Cisco Application Control Software (ACSW)
TAC support: [URL]
Copyright (c) 1985-2011 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.


View 1 Replies View Related

Cisco Application :: SSL Certificates Update Error In ACE 4710

May 17, 2012

I am facing a problem while updating the SSL certificates in ACE 4710. Our certificate is expired and we have purchased a new certificate from CA. Moreover the common name of the certificate is also changed.
I tried importing the certificate to the repository and change the SSL proxy likewise to use the new certificate. but still the new certificate with new CN is not recognised by the clients. they can see the old certificate only. I even tried deleting and creating a new ssl proxy service with the new cert and attaching it to policy map.

View 2 Replies View Related

Cisco Application Networking :: CSS 11501 Reboots When Making Change To Global Keepalive?

May 17, 2010

I've got an issue with a CSS 11501 where, if *any* change is made to a global keepalive (active), the device reboots. The code is I'm unable to search the TAC archive or I would've gone there first.

View 2 Replies View Related

Cisco Application :: 4710 - Getting Error On ACE Throughput License Upgradation

Oct 26, 2012

We are trying to upgrade throughput on ACE appliance 4710, getting below mentioned Error. We got license file from Cisco first license is for 0.5 to 1g, 2nd 1g to 2g and 3rd one is for 2g to 4g.
Our environment is critical, hence we are doing upgrade on Secondary appliance first. for that we are first isolating Secondary appliance by disabling up link switch port. 
ACE-Shared/Admin# license install disk0:ACE20121016124306914.lic
Installing license... failed: Can't install this license with the current count

View 4 Replies View Related

Getting (general Network Error) While Accessing Application From Server

Feb 23, 2011

i'm getting "general network error" while accessing application from server..

client machine: Windows 7

server machine: Windows 2008 server

Switch : 24 port unmanaged D-Link switch ..

network cable: CAT-5 cable.

View 1 Replies View Related

Cisco Application :: ACE 4710 Device Manager ERROR In Loading Configuration

Nov 20, 2012

When trying to view the status in the Monitor tab and the Config tab after you log in to the ACE 4710 Device Manager A5 (1.2) management GUI tool, I could not retrieve the status data and the following message appeared.
"Faild to upload Adimn configuration: There is error in loading configuration: Error in loading RMO config from DB:The given index XXXXXXXXX.bak does not match table index definition"
Other features include all normal, so I can get information by using the CLI.In addition, this configuration is redundant in the Primary / Secondary, this event occurs only on the Primary.

Other:-XXXXXXXXX.bak is a backup that you created in the checkpoint, and it does not already exist.

-When I'm logged on to the GUI, the above message is displayed in the status bar always.

-It was not recovered by ACE restart it.

-When I try to create the same configuration in a different environment, it did not reproduce.

View 2 Replies View Related

D-Link DIR-615 :: Change The Error Page Forbidden Web Access

Jan 13, 2010

I am using D-Link DIR-615, I need to ask is it possible that i change the error page "Forbidden Web Access" ? I have blocked some websites and i dont want ppl know that it is blocked by router because in D-Link default error msg it is clearly mentioned that " This page is not included in the router's Allowed Web Site List". Is it possible that i redirect error page to some other site? or change error message?

View 2 Replies View Related

Application Not Found Error Message On Toshiba Laptop Running Vista

Jun 20, 2011

Cannot turn off my windows firewalls on my vista toshiba after removing a scam Vista antivirus spyware download.. Cannot access any ports,Whenever I try to open a web browser, my disk defragmentation, ccleaner

View 1 Replies View Related

D-Link DIR-615 :: Internal Server Error 500 - Change Router DNS To OpenDNS

Apr 4, 2013

Lately, Ive been trying to change my router DNS to OpenDNS. Somehow, after changing it, I couldnt access the router page at, getting the error 500 message. I unplugged and plugged the router with no effect. Im using a dynamic IP, and have a few ports forwarded for my DVR. The router model is DIR 615. want to change the DNs for speed and filtering purposes.

View 4 Replies View Related

Cisco WAN :: How To Configure NAT On ASR1002

Aug 25, 2012

I am going to configure the NATing on ASR1002 and expecing to have near about 1Million nat translation. Will ASR1002 support 1million nat translations ? how many NAT translations are supportable on the ASR1002 ?I am going to configure NAT on ASR1002-5G/K9 U& have FLASR1-FWNAT-RED.

View 1 Replies View Related

Cisco WAN :: ASR1002 IOS Upgrade From 2.x To 3.x?

May 29, 2013

Right now I have a ASR1002 running a very old IOS version.Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNE, RELEASE SOFTWARE (fc1) asr1000rp1-ipbasek9. – 25-NOV-2009?
I am looking to upgrade to a newer version.I was wondering if there are any tricks when upgradeing this IOS. Is it as easy as loading the IOS onto the ASR and then changing the bootpath or is there an upgrade path I must follow? Also would there any need for a licence between 2.x and 3.x.

View 2 Replies View Related

Cisco WAN :: ASR1002 Web Logon

Jan 27, 2011

The loopback of the ASR1002 is When I use a browser to access it, I got the authentication dialog box asking for username/password. I input the information and submit. But authentication box comes back again and ask for the username/password.
The username/password is test okay. But somehow, the web GUI just does not use it.

View 2 Replies View Related

Cisco WAN :: ASR1002 - How Does It Differ From SFP-GE-L Adapter

Feb 5, 2009

Is the GLC-LH-SM SFP compatible with the ASR1002 and how does it differ from the SFP-GE-L adapter?

View 4 Replies View Related

Copyrights 2005-15, All rights reserved