Cisco Application :: ASR1002 / ESP2 / Getting Error Log When Change Redirect ACL Entries
Aug 7, 2011
I've configured WCCP2 on my ASR1002/ESP2 and works fine. But got error log since I changed redirect ACL entries. Check on Cisco seems it a known bug?[URL] And seems any change on WCCP not take affected anymore. Even I removed all WCCP configure on my router, but my cache engine still got the redirected packet!?
Aug 8 22:41:00 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image: Batch type 6 ID 0 download to CPP failed
Aug 8 22:41:30 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image: Batch type 6 ID 0 download to CPP failed
Aug 8 22:42:00 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image: Batch type 6 ID 0 download to CPP failed
Aug 8 22:42:30 CST: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image: Batch type 6 ID 0 download to CPP failed
[code]....
View 1 Replies
ADVERTISEMENT
May 31, 2012
we are using an ASR 1002 for dynamic NAT (with route maps). I do have a Problem with the usage of the NAT pool it self.The total NAT Translations for the pool are:
#sh ip nat stat
[Id: 1] route-map natted-host-01 pool nat-pool-01 refcount 136
pool nat-pool-01: netmask 255.255.254.0
start XX.XX.202.0 end XX.XX.203.255
type generic, total addresses 512, allocated 88 (17%), missee 0
If i now look into the NAT translation Table i do get less entries:
#sh ip nat translations filter map-id dynamic 1 total Total number of translations: 43
Only a deeper look into the QFP gives here the right values:
# sh platform hardware qfp active feature nat data The ouput count matches the values I get if i isue a sh ip nat stat
My question is how is it handled internally.
We do have a problem too, with raising usage of the pool over the time.Once allocated Pool entries are not released after a period of time. And no NAT translation occur for that used IP NAT pool Addresses.
The timer on the device are set:
ip nat translation timeout 300
ip nat translation tcp-timeout 900
ip nat translation pptp-timeout 900
ip nat translation udp-timeout 120
ip nat translation routemap-entry-timeout 900
ip nat translation max-entries 750000
View 1 Replies
View Related
Dec 27, 2011
During the boot ios we found the error messages below. How can i clear this messages?
Missing or illegal ip address for variable DEFAULT_GATEWAY Using midplane macaddr
Missing or illegal ip address for variable IP_ADDRESS
Missing or illegal ip address for variable IP_SUBNET_MASK
View 2 Replies
View Related
Sep 10, 2012
We've got ACE30s (active/standby) running A5(1.2), and a context that's front-ending one of our major applications, doing SSL termination on the client side and SSL initiation on the back side:
parameter-map type ssl FrontEndSSL-Param
rehandshake enabled
parameter-map type ssl BackendSSL-param
authentication-failure ignore
[Code]...
View 4 Replies
View Related
Jan 24, 2013
I have a strange effect at my ACE 4710. I loadbalances normally reliable only 14 WEB-Services.
It's running on SW A3.25. Since several weeks I regognized a dramatical increase of Sticky entries. So when running in limitations (the stolen for reuse counter increased then) (show np 1 me-stats "-slb -v") gave more and more resources for sticky ... last it was at 65% and ran again into limits at round 650500 Sticky entries.
So I began to find out what of the services was affected with most sticky database entries and could Identify it. There were really to see round about640000 entries for that specific service.
The sticky for that service was defined to look at a specific cookie in the http header and the timeout defined is 120 minutes.
So round about 45000 Entries was to see with a "show sticky databse group Cookie_Sticky" with a time-to-expire value of zero in the database like the follwing examüple shows:
timeout : 120 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags ---------------------+--------------------------------+--------------+-------+ 13765297814690832647
[Code]....
When I modified my Sticky definition with the command "timeout activeconns" all the Zero-Entries were kicked out and the rsources used for Stickywent back to 5% of usage...
View 1 Replies
View Related
Dec 18, 2011
I have a problem configuring URL redirect on ACE 30 (Version A4(1.0)).When a user enters IP address or a name of a service [URL], the ACE module should redirect him to the page [URL]. Here is my non-working config:
access-list OUTSIDE line 8 extended permit tcp any any eq https access-list OUTSIDE line 16 extended permit tcp any any eq www access-list OUTSIDE line 24 extended permit icmp any any
probe http Test_HTTP_1 port 80 interval 60 passdetect interval 30 passdetect count 2 request method head url /index.html expect status 200 200 open 1
rserver redirect URL_Redirect_01 webhost-redirection [URL] 302 inservicerserver host S1 ip address 10.0.0.2
inservicerserver host S2 ip address 10.0.0.3
[code]....
it works, ACE load balances to rservers. Of course, user must enter full url.With redirection configured, user recieves HTTP url redirect message with correct address [URL], but his browser does not display the page. Even directly entered full url does not display it while redirection is configured.Alternatively, does ACE30 already support url rewrite?
View 8 Replies
View Related
Oct 19, 2011
I have a application where I have to redirect a specific URL to another. The point is that the primary URL, have some information that I want to preserv after redirection, for example: url...
The default CSS11501 behavior is to redirect the primary URL to http://xyz.com. Just that.
View 1 Replies
View Related
Sep 20, 2011
i have ACE 4710 appliance that terminate SSL and the connection to the servers is http.
The ACE (one Armed) is load balancing between two web servers and i am using stickness in order to take the connection on the same server based on cookie.I can access the website either by http or https., where on the web page there is a login credential to access using username and password.
When i access the website using https everything works fine and i can login to my account in https mode.When i access the website through http and login to my account the URL is redirected to https...normal because i am using action-list to rewrite the http into https. But when i exit the browser and access the website again using http it is not redirected to https(although i see that i am still login into my account i can see all the inforamtion in my account).
The customer wants the connection to be https even when i exit the browser and access the website again (within short time before the cookie exipres)
View 3 Replies
View Related
Feb 27, 2012
For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?
View 7 Replies
View Related
Jun 21, 2012
I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.
View 4 Replies
View Related
Feb 6, 2013
How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
View 7 Replies
View Related
Apr 26, 2012
I'm running several game and file servers via a dynamic IP, which I unfortunately cannot change to a static connection for several reasons. I've solved this by using No-IP, which is a Dynamic IP resolution service. This solved the first part of my problem - I can give people IP's for their websites, such as myfreemusic.sytes.net and so forth, but they all HAVE to append their ports to the url - i.e.
site1.sytes.net:90
site2.sytes.net:91
My main problem right now is the game servers - I'm hosting games that default host to 25565, and though I can change the ports the server hosts from, I must give those who want to connect the ports at the end of their urls, i.e.
server1.sytes.net:25566
server2.sytes.net:25567
I know DNS is essentially agnostic when it comes to ports, so no solution there. And I don't think the game (Minecraft vis-a-vis bukkit) supports SRV records, and even if they did, I'd have no idea how to configure them. How can I resolve static urls redirecting to a dynamic IP by pointing them to ports?
To simplify the question -
How can I make server1.sytes.net resolve to port 25566, and server2.sytes.net resolve to port 25567 when the default port is set to 25565?
View 1 Replies
View Related
Dec 6, 2012
I am receiving this error after connecting a copper adapter on a GBIC blade in a 6509. Here are the results from the show Interface. I am waiting to confirm the device on the other side settings but as far as I see I get UP and Up for protocol and line respectively.
GigabitEthernet2/11 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 0009.11e4.f3ce (bia 0009.11e4.f3ce)
Description: RCPBSDEV
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
[code]....
View 3 Replies
View Related
Sep 13, 2012
I must redirect all connections from port 443 to 9443.
this is configered and running:
serverfarm host FARM-002
probe test-xml
rserver svx-xmlfw-lb-01 9443
backup-rserver svx-xmlfw-lb-02 9443
inservice
rserver svx-xmlfw-lb-02 9443
[code]....
I have in the moment following problem. All connections become redirectet to port 9443 but port 8080 shouldn`t be redirectet to port 9443. What can i change in my config to solve this problem?
View 6 Replies
View Related
Oct 7, 2012
I have Cisco 2800 series router. When I am trying to write memory getting error message " Error opening flash:config-backup-1 (No more root directory entries available)" When there is simultaneous access to a router's NVRAM, we might encounter these errors. In order to clear the line the other user(s) is (are) connected on and free the NVRAM, issue the clear line command. But still getting the same error message.
View 1 Replies
View Related
Feb 16, 2012
I am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet 192.168.80.0/24..Then only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.
View 8 Replies
View Related
Aug 24, 2011
I'm attempting to redirect SSL from the base site to a different page on the same SSL site. I want to redirect https://10.4.16.54/* to[URL] . If I enter[URL], site loads, but if I enter simply https://10.4.16.54, it times out. The ssl_sharepoint service is my ssl_proxy_list.
content Sharepoint_https
flow-timeout-multiplier 10
sticky-inact-timeout 35
vip address 10.4.16.54
application ssl
[code]....
View 5 Replies
View Related
Aug 22, 2011
Any document that details the steps to change the FT ip addresses of a pair of Cisco 4710 whilst they are running in a production environment without causing an outage?
Would the steps be:
On the secondary unit:
hbs-syd04-lb01ft interface vlan 417 ip address 172.30.254.221 255.255.255.252 peer ip address 172.30.254.222 255.255.255.252
Then on the primary unit:
hbs-syd04-lb01ft interface vlan 417 ip address 172.30.254.221 255.255.255.252 peer ip address 172.30.254.222 255.255.255.252
Or Vice Versa?
View 1 Replies
View Related
Jun 6, 2011
How to change host name in CSS11500 Series. I cannot find any documentation for that matter.Is there any impact in the system to change the host name?
View 3 Replies
View Related
Apr 29, 2013
Upgrading a 4710. This is a brand new ACE out of the box and I have tried to upgrade a couple of times but get the same error... Here are the details:
switch/Admin# copy ftp://10.0.0.1/c4710ace-t1k9-mz.A5_2_2.bin image: Enter the destination file name[]? [c4710ace-t1k9-mz.A5_2_2.bin]
File already exists, do you want to overwrite?[y/n]: [y] y Enter username[]? ace Enter the file transfer mode[bin/ascii]: [bin]
Enable Passive mode[Yes/No]: [Yes]
Password:
Passive mode on.EXT3-fs error (device hdb2): ext3_new_block:
Hash mark prinAllocating block in system zone - block = 163843ting on (1024 by
Aborting journal on device hdb2.
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
[ code]......
And it keeps going on with this message. I also tried tftp and I get the same thing:
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6147
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6148
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6149
[code].....
View 7 Replies
View Related
Oct 26, 2011
I´m Trying to synchronize the clock with NTP server external, these ntp server only support NTP version 3.Can I change the NTP version in the ACE4710 Appliance to support the ntp server external?If is possible, How I can change it ?
This is the version:
Cisco Application Control Software (ACSW)
TAC support: [URL]
Copyright (c) 1985-2011 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
[code]....
View 1 Replies
View Related
May 17, 2012
I am facing a problem while updating the SSL certificates in ACE 4710. Our certificate is expired and we have purchased a new certificate from CA. Moreover the common name of the certificate is also changed.
I tried importing the certificate to the repository and change the SSL proxy likewise to use the new certificate. but still the new certificate with new CN is not recognised by the clients. they can see the old certificate only. I even tried deleting and creating a new ssl proxy service with the new cert and attaching it to policy map.
View 2 Replies
View Related
May 17, 2010
I've got an issue with a CSS 11501 where, if *any* change is made to a global keepalive (active), the device reboots. The code is 08.10.2.05. I'm unable to search the TAC archive or I would've gone there first.
View 2 Replies
View Related
Oct 26, 2012
We are trying to upgrade throughput on ACE appliance 4710, getting below mentioned Error. We got license file from Cisco first license is for 0.5 to 1g, 2nd 1g to 2g and 3rd one is for 2g to 4g.
Our environment is critical, hence we are doing upgrade on Secondary appliance first. for that we are first isolating Secondary appliance by disabling up link switch port.
ACE-Shared/Admin# license install disk0:ACE20121016124306914.lic
Installing license... failed: Can't install this license with the current count
[code]...
View 4 Replies
View Related
Feb 23, 2011
i'm getting "general network error" while accessing application from server..
client machine: Windows 7
server machine: Windows 2008 server
Switch : 24 port unmanaged D-Link switch ..
network cable: CAT-5 cable.
View 1 Replies
View Related
Nov 20, 2012
When trying to view the status in the Monitor tab and the Config tab after you log in to the ACE 4710 Device Manager A5 (1.2) management GUI tool, I could not retrieve the status data and the following message appeared.
"Faild to upload Adimn configuration: There is error in loading configuration: Error in loading RMO config from DB:The given index XXXXXXXXX.bak does not match table index definition"
Other features include all normal, so I can get information by using the CLI.In addition, this configuration is redundant in the Primary / Secondary, this event occurs only on the Primary.
Other:-XXXXXXXXX.bak is a backup that you created in the checkpoint, and it does not already exist.
-When I'm logged on to the GUI, the above message is displayed in the status bar always.
-It was not recovered by ACE restart it.
-When I try to create the same configuration in a different environment, it did not reproduce.
View 2 Replies
View Related
Jan 13, 2010
I am using D-Link DIR-615, I need to ask is it possible that i change the error page "Forbidden Web Access" ? I have blocked some websites and i dont want ppl know that it is blocked by router because in D-Link default error msg it is clearly mentioned that " This page is not included in the router's Allowed Web Site List". Is it possible that i redirect error page to some other site? or change error message?
View 2 Replies
View Related
Jun 20, 2011
Cannot turn off my windows firewalls on my vista toshiba after removing a scam Vista antivirus spyware download.. Cannot access any ports,Whenever I try to open a web browser, my disk defragmentation, ccleaner
View 1 Replies
View Related
Apr 4, 2013
Lately, Ive been trying to change my router DNS to OpenDNS. Somehow, after changing it, I couldnt access the router page at 192.168.0.1, getting the error 500 message. I unplugged and plugged the router with no effect. Im using a dlinkddns.com dynamic IP, and have a few ports forwarded for my DVR. The router model is DIR 615. want to change the DNs for speed and filtering purposes.
View 4 Replies
View Related
Aug 25, 2012
I am going to configure the NATing on ASR1002 and expecing to have near about 1Million nat translation. Will ASR1002 support 1million nat translations ? how many NAT translations are supportable on the ASR1002 ?I am going to configure NAT on ASR1002-5G/K9 U& have FLASR1-FWNAT-RED.
View 1 Replies
View Related
May 29, 2013
Right now I have a ASR1002 running a very old IOS version.Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNE, RELEASE SOFTWARE (fc1) asr1000rp1-ipbasek9.02.05.00.122-33.XNE.bin – 25-NOV-2009?
I am looking to upgrade to a newer version.I was wondering if there are any tricks when upgradeing this IOS. Is it as easy as loading the IOS onto the ASR and then changing the bootpath or is there an upgrade path I must follow? Also would there any need for a licence between 2.x and 3.x.
View 2 Replies
View Related
Jan 27, 2011
The loopback of the ASR1002 is 2.2.2.2. When I use a browser to access it, I got the authentication dialog box asking for username/password. I input the information and submit. But authentication box comes back again and ask for the username/password.
The username/password is test okay. But somehow, the web GUI just does not use it.
View 2 Replies
View Related
Feb 5, 2009
Is the GLC-LH-SM SFP compatible with the ASR1002 and how does it differ from the SFP-GE-L adapter?
View 4 Replies
View Related
