Cisco Application :: CSS11503 / How To Preserve Client Port On CSS

Mar 12, 2012

I’m wondering if there is a way to configure CSS11503 running 8.10 so that the servers in the content rules can see the client port number?The servers can see the client IP, but not the port!! It seems when forwarding packets to the servers in the content rule, the CSS uses a new high-number port when communicating with servers.

View 2 Replies


Cisco Application :: CSS11503 SAM Module On 99% Utilization

Jul 27, 2012

CSS11503 that has a SAM module having a 99-100% utilization. Can this affect the services if both the accelerator module cpu peak to 99%.
Kindly see below logs:
LPHGT11# show system-resources
System Resources for 1/1:
Installed Memory:   268,435,456 (256 MB)


View 2 Replies View Related

Cisco Application :: CSS11503 To Check Balance Of ACA

May 27, 2012

How can you check if balance ACA is enabled in CSS11503? How can you see also if the content switch(CSS11503) is load balancing using balance ACA? "show load" command does not show it.
xxxxxx# show load Global load information:
Calculation method:Relative                        Step Size:Dynamic Configured:10  Actual:1280
Threshold:254    Ageout-Timer:60     Teardown-timer: Configured:20  Actual:20
Service load information:                                   Average      Average     Peak Average        Service Name             Load Number  ResponseTime  Response Time ----------------------------------------------------------------------- DNS1                            4            8999          33972 DNS2                            4            8884          28254 SSH-WPHGT11                     2            0             87509 WPHGT11                         2            0             0 def-gwy-server                  255          0             0 fe1-gw1-radius1                 2            0             0 fe1-gw1-radius2                 2            0             0 fe1-gw1-wap-8799                8            15344         662337 fe1-gw1-wap-9200                2            [Code].....

View 3 Replies View Related

Cisco Application Networking :: CSS11503 To ACE4710 And Server Side NAT

Dec 16, 2012

We have a CSS11503 that is currently being used to accept incoming HTTPS and SSH connections on a specific VIP and then PAT those client connections.  I understand that it also PATs the server initiated connections. [code]

View 1 Replies View Related

Cisco Application Networking :: How To View Available Flash Space In CSS11503

Jun 28, 2012

What is the equivalent of the command "show flash" in IOS for the CSS11503 as I would like to view available flash space on the CSS11500 series load balancers?

View 3 Replies View Related

Cisco Application :: CSS11503 How To Hide Cookie ARPT Info

Jun 28, 2012

I have two CSS 11503 in my network, recently we had configured sticky with advanced-balance arrowpoint-cookie.
The sticky is functioning but we found our server's private IP in the IE cookie ARPT box.
Is there any way to hide ARPT info? Below is an example configuration of my CSS and attached screenshot is Firefox cookie info.

content 5301
 add service
add service


View 1 Replies View Related

Cisco Application :: CSS11503 / Make NAT From Inside Addresses And Translate Into One External IP Address?

Dec 8, 2011

I know the CSS is too old but I have one in production environment and I was asked if it is possible to CSS to make NAT from inside addresses and translate them into one external IP address to diferent kind of communications, for example: and (inside addresses) should start connection to external IP addresses destinations / / and so on, the default gateway to those Servers is the CSS and I would like to know if it is possible that all connection to external world to be translate into one IP address
My CSS is 11503
Version: sg0810106

View 2 Replies View Related

Preserve Vlan Tag Over ADSL?

Oct 26, 2011

Customer needs to send tagged traffic from various DSL sites (DSL is with us) and wants to be able to see vlan tags in the core. Essentially each site will have a vlan tag associated with it.

View 19 Replies View Related

Two Client Socket For Same Application?

Mar 31, 2012

I have two wi-fi network, and i have written client server model in c (Linux), client has three threads and each thread having different physical wi-fi conection to server. But the problem is that, overall data rate is not increased by this, it is similar to using with one wi-fi connection.

View 1 Replies View Related

Cisco Application :: 389 Vip Not Responding To Client Requests On ACE

Jan 4, 2012

client is unable to establish a connection to the backend servers via the vip on port 389 ,636 configured that servers are listening on these ports .even the probe is successful on port 389 but not getting any response back from the servers. [code]

View 1 Replies View Related

Cisco Application :: ACE-20 Module In Bridged Mode With Client NAT

Apr 15, 2012

Whatever a NAT is supported for ACE-20 module? I do need to convert working CSM(SLB) config to ACE configuration and I am not quite sure if the configuration below is correct. ACE module should be configured in bridge mode with two vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36. NAT on ACE configurad as "nat dynamic 1025 vlan 436" into corresponding "policy-map type loadbalance". Check two parts of configs and if the ACE config is properly converted from CSM and will be working in the same way (especialy for NAT). [code]

View 2 Replies View Related

Cisco Application :: ACE-4710 Forwarding Of Client Certificate Information

Nov 25, 2009

I have an environment with SSL termination and client authentication with a client certificate. Now, the backend server application needs to be informed of the client DN information present in the presented client certificate. Is it possible to tell the ACE to send specific client certificate fields to the backen server via insertion of an HTTP header or, to forward the entire client certificate in any way to the backend server ?

View 2 Replies View Related

Cisco Application :: ACE4710 Troubleshooting Connection Failure From Client

Nov 12, 2012

I have a ACE4710 setup to load balance a couple of web servers. The real servers all show as inservice as do the propbes and serverfarms/virtual servers. If I ping the Virtuual server ip address I get a reply but it I try to access VIP via telnet or web browser. I get a connection could not be open error on the client.The question is how do i determine where the error is comming from so far I can not tell if the client is getting through the acl or not.I have used the trouble shooting guide and nothing has worked to determine the cause so far. show service-policy int479 detail does not show an increase in the hit count when I try to stats conn does not show an increase in failed or timed out connections when i try to connect. [code]

View 3 Replies View Related

Cisco Application :: ACE 4710 Original Client IP Address Reconstruction?

Jan 12, 2011

configuration example on how to reconstruct the original client IP address from X-forwarded-for in HTTP request?

View 4 Replies View Related

Cisco Application :: 11506 / CSS SSL - No SYN To Server Before Client Initiates Traffic

Jan 24, 2013

I have a web application behind a SSL-offloading CSS 11506 that may require the server to be able to use a SSL connection as soon as it is established.    At least I'm troubleshooting a problem that is starting to look like this is a possibility.
The default behavior seems to be to not start the SYN/SYN-ACK sequence with the real server until the client starts talking first (such as send an http get request), even though the SSL termination part is done and ready.  
Any way to change this behavior?   The scenario is a webapp.  Client side starts more than one SSL session to the server, but only uses one immediately.   The client knows it has more than one connection and may have told the server so.    Like a control plus data channel(s) arrangement.   The client opens all the connections (full SSL handshake on all channels), starts using the control channel, and expects the server to start talking on the data channel.     However, since the client hasn't sent anything down that TCP connection first... the server doesn't have it.
I don't think this would occur when the server is doing the SSL... as it should have all the TCP connections as soon as the SSL handshakes are done. 

View 2 Replies View Related

Cisco Application :: ACE 4710 Configuration - Client / IP Address Access For Web Server

Oct 15, 2011

I want to use one arm infrastructure of ACE4710. But I remember it was problem for back end server can not get logging for which client/ip address access the web server.

View 3 Replies View Related

Cisco Application :: ACE 4710 - SSL Over Port 80

Aug 11, 2012

I've got a web app that the owners want to run over port 80, but also using SSL to secure private data in transit.  The architecture is an ACE 4710 in SSL termination mode->Apache (port 2000)->Back-End app server.
I've got two VIPs set up already - one on port 443 and one on 2000 - both of which do the SSL termination quite nicely, but using the 3rd VIP set up on port 80, the connection steadfastly refuses to be HTTPS (i.e. doesn't show the padlock).
I've done all the set-up through the web interface so far, can this be done? If so, how?

View 1 Replies View Related

Cisco Application :: Tcp 3636 - How To Configure CSS Port Redirection

Oct 11, 2011

I have CSS in single arm deployment model. I want to configure port redirection for the servers.  Servers are actually running web service on port TCP 3636. Which is accessibale by VIP but I dont want to give user this URL I want the user to use standard HTTP URL as mention below, I want user to open and once they access this URL automatically CSS redirect them to port 3636. How I can achive this. I am using IP addresses for the load balancing.

View 4 Replies View Related

Cisco Application :: ACE10 Dynamic Port Range

Feb 3, 2013

the dynamic port range server load balancing supported for MS Exchange 2010

View 1 Replies View Related

Cisco Application Networking :: CSS 11500 Responds For Any Port

Dec 21, 2011

We have multiple CSS 11500 clusters.  We have found that on all of them, if you try to open a session on any port to an IP address on the backend of the CSS, the CSS will complete the SYN-ACK-ACK session with the client.  This happens regardless of whether there is something on that IP address or not.
Coming from any IP, if I try to telnet to ANY IP on the subnet (whether or not there is an actual server on that IP) on any port (whether or not that port is open or not), the CSS will complete the initial connection.  I have verified this using telnet to numerous ports and viewing the transaction in a packet capture.
Is there any way to shut this off?  This is causing some licensing issues for our security folks that use a vulnerability scanner licensed on number of IP addresses.

View 4 Replies View Related

Port Redirect With Default Ports On Application?

Apr 26, 2012

I'm running several game and file servers via a dynamic IP, which I unfortunately cannot change to a static connection for several reasons. I've solved this by using No-IP, which is a Dynamic IP resolution service. This solved the first part of my problem - I can give people IP's for their websites, such as and so forth, but they all HAVE to append their ports to the url - i.e.

My main problem right now is the game servers - I'm hosting games that default host to 25565, and though I can change the ports the server hosts from, I must give those who want to connect the ports at the end of their urls, i.e.

I know DNS is essentially agnostic when it comes to ports, so no solution there. And I don't think the game (Minecraft vis-a-vis bukkit) supports SRV records, and even if they did, I'd have no idea how to configure them. How can I resolve static urls redirecting to a dynamic IP by pointing them to ports?

To simplify the question -

How can I make resolve to port 25566, and resolve to port 25567 when the default port is set to 25565?

View 1 Replies View Related

Cisco Application :: CSS 11500 - Keepalive Http And Port At Same Time

Apr 29, 2012

I need to configure a keepalive that check an url in a server   (http in port 9500 not in port 80) and check the port 443 in the same server. If any of them not response . the service should go down.

View 1 Replies View Related

Cisco Application :: 11501 Ftp Server Setup Using Non-standard Port?

Dec 13, 2011

we would like to setup FTP server over CSS where our member sever use non-std-port to open both control/data channel (i.e. 6370 as ctrl and 6369 as data this case.) but seems we only get Passive mode FTP mode work only but not for Active mode FTP case for data channel establishement for server back to client..
#  sh ver
Version:               sg0820501 (
Flash (Locked):
Flash (Operational):
Type:                  PRIMARY
Licensed Cmd Set(s):   Standard Feature Set


View 3 Replies View Related

Cisco Application :: ACE 4710 / Redirect All Connections From Port 443 To 9443?

Sep 13, 2012

I must  redirect all connections from port 443 to 9443.
this is configered and running:            
serverfarm host FARM-002
  probe test-xml
  rserver svx-xmlfw-lb-01 9443
    backup-rserver svx-xmlfw-lb-02 9443
  rserver svx-xmlfw-lb-02 9443

I have in the moment following problem. All connections become redirectet to port 9443 but port 8080 shouldn`t be redirectet to port 9443. What can i change in my config to solve this problem?

View 6 Replies View Related

Cisco Application :: CSS-11500 - Use SSL Cert In Proxy List For Same VIP But On Different Port?

Aug 16, 2012

Am I able to use an SSL cert in the proxy list for the same VIP but on a different port?  

View 1 Replies View Related

Protocols / Routing :: Using Port 1 - 80 For All Outgoing Traffic Possible With Application?

Oct 9, 2012

I want to be able to use port 1-80 for all outgoing traffic. I have a VPS outside my home, which can redirect the packets to the prober ports.Is it possible with an application on the computer and VPS? Or is it impossible?

View 1 Replies View Related

Cisco Application Networking :: ACE4710 - Can't Assign IP Address To Physical Ethernet Port

Jan 4, 2013

My customer wants each ACE4710 (of a highly available cluster) to have its own, dedicated port for management purposes.
According to documentation, IP addressing can be applied to VLAN interfaces, so in order to satisfy the requirement, I should make one port belong to an "access VLAN X", and then apply IP addressing to the corresponding "interface VLAN X". This should satisfy my customer´s requirement in an indirect way.
But... ¿ Can´t I just configure IP address on one of the 4 ethernet ports in order to save the work of building the aforementioned VLAN? I am asking this since I do not have access to a real box in order to verify.

View 2 Replies View Related

Cisco VPN :: QuickVPN Client To ASA 5505 - Using Port 60443

Mar 16, 2011

Setting up vpn using quickvpn client to asa5505.  QucikVPN client version is  I need to use port 60443, port 443 is already taken. 

View 1 Replies View Related

Cisco Application :: Apply Policy Only On Specific Subnet / Port 443 Traffic Can Be Redirect And Rest

Feb 16, 2012

I am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.

View 8 Replies View Related

Client Expects Port 21 But FTP-servers Have Same IP Address?

Mar 19, 2013

My setup is as follows: as a part of a global network, I have two separate measurement stations collecting data in the field. They are working with some kind of embedded linux system and is running an FTP-server so that I can download collected data. I have some control over the stations, which e.g. means that I can select the port used for the FTP-server (default is 21).Unfortunately, for this particular set of measurement stations, they are connecting via FTP-over-radio-link to another station which is connected to my computer via a router (on the server-side) and I can only "see" their common external IP address. If I have understood this correctly, they can not use the same port for FTP traffic, right? The router used is some (for me) unknown brand with unknown capabilities, so I don't expect/want a solution at that end.Now, to my problem: as a part of this global network there is a custom software running on my computer that automatically connects to all the different stations to download and process the data. This software runs on any recent version of Windows, but I'm running Windows XP right now. There is no way for me to modify this software at this point (for the future, maybe, but not now), and unfortunately it has a severe limitation: it MUST use port 21 for FTP-connections.My first attempt was to set the FTP-port to 2121 for one of the servers and create another IP address on my client network adapter and try to forward port 21 of this new IP to port 2121 on the server/router side, but due to lack of knowledge and experience I did not manage to get this working fully.

View 9 Replies View Related

Linksys Wireless Router :: Does WRT54GL Application Priority Section Allow For Port Ranges

May 11, 2013

I want to prioritize League of Legends, a game which uses ports of ranging between 5000-5500. Does the WRT54GL "Application Priority" section allow for port ranges. If yes, have I put the range in correctly.

View 2 Replies View Related

Cisco Routers :: Configuring Port Forwarding To 443 And Having Client VPN To Work

Mar 2, 2013

I have a problem configuring port forwarding to 443 and having client VPN to work.When 443 is NOT forwarded, VPN just runs fine (QuickVPN).As soon as I enable 443, the VPN stops working. No client can connect.I have the latest firmware.Is there a way to enable 443 and having VPN to work at the same time ? I need 443 for Exchange.

View 4 Replies View Related

Cisco :: Iron Port WSA-S670 Client Web Activity Logs

Jun 18, 2012

how to get the web activity report of clients in Ironport WSA S670. I need each and every URL's visited by the exact clients.As of now i am able to download the client web activity report upto URL categories...but i need exact URL's accessed by the clients.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved