I was trying to implement stickiness based on cookie. Server inserts a cookie and sends it to the browser. I learned from app team that this cookie is changing dynamically during the session, so stickiness based on server’s cookie doesn’t work.
Now I want to investigate into possibility of ACE to insert a cookie. My question is: ACE feature of “cookie insert”: does it add additional cookie into http header without removing server cookies or it deletes the cookie(s) that server put into http header and replaces them with its own cookie?
I’m wondering if there is a way to configure CSS11503 running 8.10 so that the servers in the content rules can see the client port number?The servers can see the client IP, but not the port!! It seems when forwarding packets to the servers in the content rule, the CSS uses a new high-number port when communicating with servers.
We are using an ACE engine module(ACE20-MOD-K9) provide loading balancing service for two WEB servers and configured cookie for stickness. Below is the current configuration and it seems working fine now.
The problem I was facing is before use parameter-map change the http header length to 8k the stickness doesn't really working properly. User complains that their working session constantly be kicked out and redirect them to login page. By tracing traffic from a client we found that sometime ACE fails or stop insert the configured cookie, after increase the header length ACE start getting work.
how does the header length setup effect ACE to insert a cookie? Will the cookie insert attmpt fail if the header is longer then the maximum length configured on ACE? [code]
We have a CSS11503 that is currently being used to accept incoming HTTPS and SSH connections on a specific VIP and then PAT those client connections. I understand that it also PATs the server initiated connections. [code]
I have an ACE20-MOD-K9 with version A2_3_6a, and i am having problems in cookie persistency. the setup contains 4 servers using round-robin algorithm and cookie persistency and that receive http traffic on port 9090. I have been receiving complains that the users are getting disconnected randomly while accessing the web application through ACE. Below is part of the config, when setting the timeout of the cookie to default or something equal to hours, the disconnection/complains gets worse.
We have ACE 4710, It is configured with IP based stickiness and working fine for a web application server (BMC Remedy). We tried configuring cookie based stickiness for the same server. Server application is having JSESSIONID.But after configuring cookie based stickiness, there is an issue that the first page is coming for entering login credentials and after entering it the page is blank or not responding. What is the pre-requirement for configuring cookie based stickiness in ACE for BMC Remedy web application and which type of cookie based stickiness is suitable or possible?
I have a requirement to load balance OWA 2010 inbound connectivity to 2 CAS servers using a ACE 4710 with sticky sessions enabled.
The CAS servers are currently responding on 80 or 443 at this moment in time. Eventually I want to off load the SSL to the ACE 4710, its currently running on the CAS servers. I need to enable sticky sessions to keep the session to the same CAS server for each internet based connection. I also have a proxy enabled for inbound connectivity so I cannot use source IP.
Here is my configuration but it doesn’t seem to be working, i am currently testing with port 80 connections not SSL.
I know the CSS is too old but I have one in production environment and I was asked if it is possible to CSS to make NAT from inside addresses and translate them into one external IP address to diferent kind of communications, for example: 172.16.4.9 and 172.16.4.10 (inside addresses) should start connection to external IP addresses destinations 22.214.171.124 / 126.96.36.199 188.8.131.52 / 184.108.40.206 and so on, the default gateway to those Servers is the CSS and I would like to know if it is possible that all connection to external world to be translate into one IP address 172.16.4.100.
We are using a ACE 4710 with A3(2.6) software release.I had to change our sticky load balancing method for HTTPS to cookie based.However while connections appear to work if I look at the show sticky database table I can not see or confirm sticky entries for the cookie based connections.Here or config snippets to show the config
In RFC 951, the format of BOOTP packet was legislated, but the vendor information was not legislated in this document, so the authors of this document had described that :"If the 'vend' field is used, it is recommended that a 4 byte 'magic number' be the first item within 'vend'. This lets a server determine what kind of information it is seeing in this field. "
I think it meant that the format of vendor information wasn't fixed in RFC 951, and any vendor can legislate a new format of vendor information by itself. And the value in "magic cookie" can be set by any vendor.But in RFC 2131, the format of DHCP packet was legislated, and the "magic cooke" was fixed to values 99, 130, 83 and 99, I think it meant that the format of option information in DHCP packet was fixed absolutely and any vendor can't legislate a new format by itself.
Since the format of option information in DHCP packet was fixed absolutely, why the network device needs "magic cookie" to identify the mode in which the succeeding data is to be interpreted ? I think the magic cookie is not useful in DHCP packet because the format of option information is fixed. In other words, there is only one format of option information forever.
We use filter rules on an ASA5510 firewall to direct clients to a web filtering server which generally works very well. However lately we're finding that despite having more web filtering licenses than users, the web filtering licenses are being consumed up, mainly because of a recent increase in the rollout of ipads, iphones, androids etc. We could deploy a proxy server in the wireless DMZ to make all the wireless devices appear to web filter as a single IP, and apply a single policy, but that brings it's own problems. My question is: Is there a way to hide them all behind the interface IP instead, so that all wireless devices appear to the web filter on the LAN as the wireless dmz interface IP rather than the wireless device IP?
I have configured a L2L VPN on a Cisco 1841 ISR. I am statically NATing some of my internal hosts to IP addresses that are included in the encrypted traffic. Please note that not all of the internal hosts are being NATed. I am doing this to hid some of the real IP addresses on the inside network. I have confirmed that the VPN works, as well as the NATing of the VPN traffic. I have traditionally configured L2L VPNs on Cisco ASA 5500 series appliances, and this is my first attempt with the 1841 ISR. I just want other to take a look a see if I missed anything, or, could I have done some of the configuration more efficiently. All comments are welcome.
I Lease fiber between two locations, My operator limiting number of MAC addresses to 8 macs. Is there any possibility using some feature available in the Cisco 3750 switches to (hide mac addresses) encapsulate traffic witch flowing via operator network ?
I need to send data between locations with 1Gb/s speed. If 3750 switches can't do that, which models of switches 1 or 2U can do it. May Metro switches ?
how to hide Wireless SSID via Wireless controllers (one I am using is 5505)
Currently anyone can attmept to login to it as i cant find any options to hide it! Screen shot below)
what measures I should take to secure the APS and from access, currently considering port security and static mac addresses on ports; traffic is already got ACLS on its vlan. I have little to no experience on Wireless devices.
I just want to know how or is it possible to hide sent/receive packets from the Router I cracked few days ago?I'm using wifi card airlive wl-1600 usb and the router is TP-Link.I mean how much is possible to hide my connectivity and everything from me with this router?
I know that when you surf the web, websites can log your IP & MAC address.If you get my jist, I don't want my laptop to be flagged on a few web sites I have been on.My plan is to use another pc, that has a wireless braodband dongle from a mobile phone company.The pc will be attched to the wireless router via Ethernet, but banned from access the web via the router. This way I can connect remotley from my laptop.
I have a program that connects to a game I play and does some actions on my game accounts (selling items etc).
I have set up several accounts to generate "income" in game and want to alter/hide the IP address shown connecting to those accounts so that my own IP is only associated with my main account. However it's an MSDOS program and I dont want to alter the IP shown/used for other programs on my pc.
Is there a way to alter the IP shown for specific programs only? And will it handle MSDOS programes?
I'm using wireless iternet supplied by my roomate. They have the router and service, and have given me code for use on my computer. How do I hide my web history in a way that at least they don't know what it is if seen?
I named my network "abc," and the system appends "-guest" to it, i.e.., "ABC-guest", to use as the guest network name. I want to hide the name of the primary/private network completely. Why can't I do that? I know I can use a different password.
All my switches were connected together as ring topology. We use REP to block redundancy link.One of my colleagure was setting up a new link(VLAN) for one customer which was then caused a L2 loop. The CPU was hitting 100% and REP started to lost neighbors then we had a big outage.I am thinking to deploy QoS on all REP switch (on trunk links from switch to switch) to give priority to control traffic like REP and some importance data VLAN. Of course,Storm-Control already implemented on all access-port.
Nowadays, people have smartphones, typically iPhones and Android phones, and they all have WiFi.We already have a wireless net set up, with 802.1x security, where people connect using certificates and user informations stored in AD..I would like to see the smartphones use the same SSID as the computers, using the owners user info from AD.But I think user info from AD only is too weak (since I cannot use certificate enrollment on the phones), so I would like to add the smartphone's mac address to the internal hosts database, too, so I have 2 layers of security:If smartphone mac exists in internal hosts, then authenticate it with AD information.When I try this, I only get the message that the user credentials does not exist in Internal users, and then it fails.
I have successfully set up a pptp vpn from my new rv220w. I have also successfully logged in using 2 seperate laptops and also my iPhone. They all work great. There is one issue. When connected and I log into the router it does not show these laptops or iPhone as being connected to the vpn. There is two spots that its supposed to show the page refreshes and shows nothing connected. Is there a setting I am missing?