Cisco Application :: CSS11500 SSL Handling For Multiple URL

May 29, 2012

I know that it's possible on the CSS to handle multiple incoming HTTP requests that terminate on the same IP address and port and balance them to various servers based on the url. For instance, I can set up URL at the same address in DNS, and set up two different content rules:
content cats
vip address
port 80
url "//*"
add server cats1
add server cats2
content dogs
port 80
url "//*"
add server dogs1
add server dogs2
Easy and straightforward.
But what if I want to add SSL handling for URl. I'm not sure how to create the ssl-proxy-list where one content rule (ip address/port) combination needs to pass through the ssl module and get matched with the proper ssl certificate.
Can this be done?  Can one associate multiple certs and keys with a single ssl-server entry and a single ssl accelerator service?  Or do I have to create multiple ssl-proxy-lists for cats and dogs and build multiple ssl services each referring to a unique ssl-proxy-list, and then use the url parameter in the https content rule to determine which ssl service (and therefore which key/cert pair) gets the traffic?

View 1 Replies


Cisco Application :: CSS11500 Connection Counts

Jul 19, 2011

Why do my connection not clear when my service goes to a down state.  The only way I can get the connections to clear is by bouncing my content rule.  CSS11503 version - SSL all the way to the server  --- I also have flow permanent port3 443 configured, but I don't understand why the other two servers go to zero while server01 never goes to zero.  If I remove the flow permanent port3 all the counters go to zero, but I would think if the servers goes down then the connections should go to zero regardless of the flow permanent port configuration. [code]

View 3 Replies View Related

Cisco Application :: HTTP 404 Errors In CSS11500?

Sep 11, 2012

I'm seeing the following error on one of our real server. Is there a way to find out who is spamming?
10.x.x.x(VIP) - - "POST /slmruntime/service HTTP/1.0" 404 1214

View 1 Replies View Related

Cisco Application :: CSS11500 Balance Using IP Source?

Jun 13, 2011

I am not able to find information of how to configure a balance in CSS11500 depending of the IP source. I want to do the next:
Site A :
Site B :
Both sites access to the same VIP: http://vip_balnace_IP but depending of the source the should be balanced to diferentes servers.
Site A -> VIP_balance -> server1
Site A -> VIP_balance -> server2
how to do that?

View 2 Replies View Related

Any Application For Remote Request Handling

May 22, 2012

We have a Terminal Server through which everyone access their outlook. To avoid any impact on its performance, we have disabled the IE in it. Everyone access the terminal server using the Remote desktop.For the above mentioned setup, is there any way to make the weblinks in the remote machine to get open in the main machine? Main Machine or the Local Machine runs with Windows 7 OS.

View 3 Replies View Related

Cisco Application Networking :: Change Host Name In CSS11500 Series

Jun 6, 2011

How to change host name in CSS11500 Series. I cannot find any documentation for that matter.Is there any impact in the system to change the host name?

View 3 Replies View Related

Cisco Application :: Managing CSS11500 Loadbalancers In Cluster Mode

Jul 1, 2012

This is a newbie question regarding CSS11500 series loadbalancers as I trying to get up to speed with managing them as part of my job.  I noticed that there are a couple of CSS "clustered together" since I see they are managed using a single ip address.
My question is around how to establish a session to each individual device in this cluster, if at all possible?  If is not possible, how do manage the secondary device in this cluster to perform tasks such as copying new software to it, backing it up, etc.?        

View 1 Replies View Related

Cisco Application :: CSS 11503 - Multiple Content Groups?

Oct 4, 2011

I currently have a content group as follows;
content My_Group
add service blade1
add service blade2
add service blade3
vip address
advanced-balance arrowpoint-cookie

So I have 3 blades which are proxy servers and user go first to an MS ISA server then the VIP of the CSS and then the rules processes them give them a blade and chuck them out onto the Internet.
I want to leave the above rule, but remove one blade create an additional content group with that blade and have it process requests for a particular site so, I would create the following
content My_Group2
add service blade3
vip address
advanced-balance arrowpoint-cookie

So my question is can I do that having the same VIP's etc so if a request comes in and it matches that the second content rule matches it 'better' and therefore processes it or would it still be caught by the "/*" content group. I don't want to create more VIPS as I have a real ache getting firewall rules done.

View 9 Replies View Related

Cisco Application :: ACE 4710 - Rserver With Multiple Ports?

May 28, 2012

Currently migrating from a CSS to a new ACE for all our inbound ssl connections.
On the CSS, I could define multiple backend services, different tcp ports and 1 IP.
service TEST_HTTP22
protocol tcp


But now I have to define each backend web server as an RSERVER and it doesnt allow me to configure 2 rservers with same IP.

View 11 Replies View Related

D-Link DIR-655 Not Handling Torrents

Apr 12, 2013

My current modem, the Arris DG860, when in router mode, handles uTorrents set to 1500 max connections fine, same with my FIOS Actiontec router at my work. However, I just bought a DLink DIR655 router (which I thought I researched properly to be great with torrents) and it crashes even with max connections set to 300 in my client.

Tempted to return the thing and get a better router, any great wireless router that has awesome range and can handle lots of torrenting?

View 7 Replies View Related

AAA/Identity/Nac :: ACS 5.1 Handling Of Encrypted Backups (gpg)

May 24, 2010

I've noticed, that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1)
Question: can the production system sucessfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?

View 1 Replies View Related

Cisco Switches :: 2960 / Priority Queue Out Handling?

Mar 6, 2012

We're testing the reference system shown in the figure below. System Description Four 2960 switches are used for transport;Equipment 1 and Equipment 2 exchange packets for synchronization;To reach synchronization  Equipment 1 and 2 must exchange data with a very low jitter. 2960 Configuration details Four our test puprose, we're using 100Mbit/s ports (22 and 23) as trunk.In order to obtain minimum jitter We performed these configurations:We Enabled QoS;We Marked Synchronization packets with CoS 7 and DSCP 63;We marked other kind of traffic inserted in different ports) with CoS 0;We set "trust DSCP" on trunk ports;On the trunk ports we mapped traffic with CoS 7/DSCP 63 (and only this) on output queue 1;We enabled the expedite queue (priority-queue out). QuestionWith these settings we aim at forcing our synchronization packtes to precede other kind of traffic and go from Equipment 1 to Equipment 2 with minimum jitter.Unfortunately we experienced  high jitter when both synchronization packets and other traffic are sent through the systems.

View 9 Replies View Related

Cisco Application :: ACE 4710 Multiple Services Running On Load Balanced Servers

Jan 30, 2012

Our Exchange 2010 hub servers run multiple services/ports:  smtp, www, pop3,135, 143, https, 993, 995, 6001,6002,6003,60200,60201,8400, and 8402 what is the best way of balancing these servers so that if only one of the services failed on a server, it would switch only the failed service to remaining servers. At present I only use an smtp probe, so as log as that sevrice is running the server is marked good.

View 3 Replies View Related

6 People In 1 House Wireless Router Not Handling Traffic Well

Nov 16, 2011

I'm living in a house with 6 people on 2 floors, and the router isn't handling all the traffic well. I have an extra router that might be able to serve as an wireless access point, but from what I've been told that wouldn't solve anything if the problem was that the first router doesn't have the capacity for that much traffic. It's a 50+ dollar wireless N router though and fairly new (forgot the model number)

View 5 Replies View Related

Cisco Firewall :: 5520 AnyConnect Mobile Not Handling Certificates Correctly

Oct 31, 2012

I have an SSL VPN set up on my ASA 5520 with a self signed cert. When I run the AnyConnect install on my desktop machine I have click through a few windows to accept the certificate. When I connect through the mobile client on Android, the connection goes right through without a prompt to import/choose/download a certificate. I'm able to connect but I'm wondering if the phone has actually recieved a certificate. I'm in the 'Advanced Connection Editor' screen and the certificate setting says "Automatic".

View 2 Replies View Related

Cisco Application :: ACE 4710 Server In Multiple Server Farms

Jul 23, 2012

I put multiple rservers in multiple server farms?
So for example rserver1 and rserver2 are put in serverfarm production1 and are in use with particular sticky and load balancing settings.
Can I then create serverfarm test_production and put both rserver1 and rserver2 in it?  Then play around with the sticky and load balancing settings as a test without affecting the production serverfarm.  

View 1 Replies View Related

Cisco Switching/Routing :: Is 3750 SW Capable Of Handling Full Routing Tables

Oct 8, 2012

Is a 3750 sw capable of handling full routing tables and what can you recommend in a small mutihomed BGP router or switch capable of handling full routing tables?

View 2 Replies View Related

Cisco Application :: ACE20 - Config Application In Progress Message

Dec 3, 2012

Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface                     Download-status
187                         In Progress
199                             Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].

View 2 Replies View Related

Cisco Wireless :: C1131AG - Multiple SSID With Multiple VLANs Configuration On Aironet AP

Oct 21, 2012

how i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?

View 1 Replies View Related

Cisco Wireless :: Configure Multiple SSID With Multiple VLANs And DHCP Pool WAP4410N

Sep 18, 2012

My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?

View 2 Replies View Related

Cisco Application :: Application Slowness Through ACE 4710

Mar 27, 2013

Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.

View 6 Replies View Related

Cisco Switching/Routing :: 6509 - Configure Multiple Dhcp Pools On Switch For Multiple VLANs

Mar 9, 2010

Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.

View 5 Replies View Related

Cisco Wireless :: WLC 5508 Multiple Interfaces For Multiple SSIDs

May 13, 2013

I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
Port 1: Controller management only=> 192.168.x.x /24
Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?

View 3 Replies View Related

Cisco :: Configuring AP1121G-E-K9 For Multiple SSID With Multiple VLAN?

May 28, 2013

i`m facing a problem configuring the mentioned access point to act as stand alone access point with multiple SSID assigned to differnet VLANs the problem is that

1) i`m not able to broadcast the both SSIDs in the same time from the Access point

2) i need to make the radius server to manage the SSID access for the wireless clients (trying to find a way in which the aceess point sends a log for the radius server containing the VLAN id /IP address of the the SSID) you may find the below info about the IOS ver. & the configuration?
i`m running IOS /c1100-k9w7-mx.123-8.JEE/c1100-k9w7-mx.123-8.JEE?

View 2 Replies View Related

Cisco :: Application Layer Service The Same As Application Layer Software?

Apr 3, 2012

I am taking an introduction class to CCNA and we are focusing on the Application Layer,and I'm having some difficulty in understanding what is an Application Layer Service. Is the Application Layer Service the same as Application Layer Software?

View 3 Replies View Related

Cisco Wireless :: 5508 Assign Single Ssid To Multiple Interface Groups By Assigning Ssid To Multiple AP Groups

Aug 26, 2012

Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups? 
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building.  Each building is also further grouped as AP groups.  I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building?  I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?

5508 controller  code
6 buildings
6 interface groups
1 ssid

View 4 Replies View Related

Cisco Application :: ACE Upgrade From A3 2.0 To A4 2.7

Jan 23, 2012

Is it possible to upgrade ACE 4710 from A3 to A4? What does this actualy means by A3, A4 & A5.
I want to upgrade ACE from A3 to A4 becase I want to enable switch-mode on ACE.  Current S/W version is A3 2.0 which is not supporting this command.  While reffering the command refernce guide saw that this command is supported in A2 & A4 version from 2.0 itself but for A3 in 2.7 (which is the latest) also this is not supporting this feature.

View 4 Replies View Related

Cisco Application :: LMS 3.2 SSH Sessions On ACE?

Apr 11, 2013

I have an issue with LMS not terminating SSH sessions on the Cisco ACE?

Cisco LMS 3.2
Cisco ACE A2(3.3)

View 1 Replies View Related

Cisco Application :: Upgrade GSS 3.1(2) To 4.1?

Apr 5, 2012

I have two GSS. One in side A and one in side B. This in side A is primary and make management function, this in side B is secondary. Site A and B are DC work in active-active.
I have version 3.1.2 and I have to upgrade to 4.1 becouse 4.1 work with DNSSec. This is true?
I read that first I have to upgrade primary. But what with secondary? How it work? When I will be upgrade primary it will be not impact to synchronization with secondary?

View 3 Replies View Related

Cisco Application :: ACE 2.2 URI Rewriting

Apr 8, 2013

We've got an application that broke after upgrading our ACEs from A5(2.1) to A5(2.2); the problem lies in how the ACE handles URLs with embedded backslash characters in them - e.g.: URL
Prior to the upgrade the ACE would forward these to the back-end servers; after the upgrade the ACE resets the client connection.
(We're doing SSL offload on the ACE; the back-end connection is HTTP over port 80, only the client-side traffic is over SSL.)
Some browsers will convert these to percent-encoded form - i.e. URL
and things work for these; but other browsers won't do this.  So I'd like to set up a rewrite rule in the ACE that will replace any (or at least the first) '' with the string '%5C'.  Just how to do this isn't clear from the command ref, and the config guide is a tad shy on similar examples.

View 1 Replies View Related

Cisco Application :: XFF On CSS 11503?

Aug 1, 2011

Is the XFF [URL] on the Cisco CSS 11503?  If not, is it on the roadmap for a future code release?

View 1 Replies View Related

Cisco :: How To Allow Yahoo Chat Application

Nov 28, 2011

I would like to allow yahoo chat application to a particular user in my office thru Cisco ASA, can i have configuration for this The list of IP addresses and port number which is Yahoo Chat is using.

View 2 Replies View Related

Cisco :: To Drop Specific Application Using Qos In Asr

Sep 15, 2012

As per CISCO QoS document URL, IOS from 12.2(13)T support drop command in policy map. But our CISCO ASR 1013 having IOS of Version 15.2(1)S1 doesn't have drop syntax.How can we drop specific application using QoS in ASR 1013 of IOS version 15.2 and higher?,Can I allow few users for a particular application (like P2P) and drop other users based on users source IP?

View 2 Replies View Related

Copyrights 2005-15, All rights reserved