I am tasked to Configure an ACE 4700 for SLB. This has been done and working. Am also further tasked to create a secure communication between tha ACE and Exchange server. I need the breakdown of steps required to Import certificate from the exchange server, and how to verify that things are working.
View 3 RepliesI am performing a deployment, in which i require clarity on the following. Our setup has DC and DR , in each site we have two devices for HA.We have received One SSL Certificate from Public CA, Kindly clarify the following doubts i have on thisIn Doc, i found Cert.pem and key.pem is required to generate the pair ,do i receive both Cert.pem and key.pem from the CA or we can generate key.pem from Cert.pem ?SSL Offloading is planned for the X application, and it is running in both DC and DR ( Considering each having their own Public IP address ) , do i need to have two different public certificates or a single certificate can i use in both DC and DR.Load Balancing IssueIs it possible to configure in ACE to access the service in Business hours and in non Business hours to display HTML page showing this is available only during these hours ?In DC we have Three Web Servers ( only in One physical server the service is active, other two are backup ), and these three servers are under cluster and shares one cluster IP , In ACE we have created the VIP and Pointed to only Cluster IP ( like pass through only ). The issue we face is if active web server is down, even then ACE is sending the traffic to that webserver only instead of sending it to the new Active web server. let us know if any solution is there to overcome this issue ?as per my understanding instead of giving cluster IP as real server IP we can issue the three physical servers. now i dont require load balancing between three servers instead require failover king like if first server is down then it should forward to Second server ?
View 4 Replies View Related My customer has SSL certificate already installed on microsoft exchnage 2010 servers and now wanted to import that certificate to cisco ACE4710.
How to trace the exact procedure to import the SSL Cert to ACE from microsoft exchange server and how about the KEY, from where I should get the KEY to cross verify for SSL Cert?
Do you know the procedure of import SSL certificate from Godaddy to ASA 5510? attached is the drop-down list that I have to choose from.
View 5 Replies View RelatedCan I import a self signed certificate from a Cisco 871 router to a Cisco ASA 5505? The 5505 replaced the 871 and I have a VPN that goes to another company that we have a connect to. The device on the other end is a VPN concentrator ( I do not have access to modify this device without going through multiple channels.) I only need to mimic this device for the site to site VPN tunnel only. It appears that there are no pre-shared keys only a self signed certificate.
View 1 Replies View RelatedWe are planning to deploy a Application Controle Engine - ACE family - and need to close the gap related to OWASP threat list masures.for what i could find in the information about ACE solution it seems that ACE does'nt have OWASP relations and need to deploy a IPS (Intrusion Prevention System) which seems to hold and apply to OWASP threat list vulnerabilities.question is it possible to deploy a ACE 4710 with a IPS 4200 as one or a inline deployment scenario ?
View 1 Replies View RelatedI'm currently in the process of the setting up a new wireless network and I want to test out our 7925 phones on it. When I try uploading the certificate to the phone it fails and I find the following error in the trace logs
[code]...
I created this certificate using using Windows Server 2003 and it is 2048 bits. This certificate works fine with my laptop but I'm unable to upload it to the phone. The app load currently on the phone is CP7925-MFG-D.8.LOADS. Are there any specific guidelines out there when creating a certificate for a Cisco 7925 phone?
I cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".
View 7 Replies View RelatedI am trying to import a SSL certificate into this device - Cisco SPS2024 (FW: 1.0.6 ( date 30-Aug-2011 time 15:45:47 )) but without sucess. I have allready did this task on another models through CLI (Cisco SRW224G4 - through the lcli) or on Cisco SG300. I can create certificate request with:
switch(config)#crypto certificate 1 generate key-generate
switch#crypto certificate 1 request cn "sw.localdomain" or "..." ou "..." loc "..." st "..." cu "..."
and that last command gives me plaintext certification request that I will sign with my certification authority. to this time, everything is clear and perfect.
And now, I have signed certificate according generated certificate request and I want to import it. And now I am in stuck, because I have not found any useful command to do this action. For import certificate, I have found only following command:
switch# crypto certificate 1 import pkcs12 WORD
also I dont exactly understand this command because there is no parameter to specify any url from which will be fetched pkcs12 certificate... just WORD parameter as the pkcs12 passphrase. nothing like as on another switch models on which there is following command:
switch2(config)# crypto certificate 1 import <CR>
after executing the command line will waiting for pasting the signed certificate to console. And on SPS2024 there is no any similar command to doing this. So in final, I cannot import certificate signed by my certificate authority, I can just generate self signed certificate directly on device and use only this one
I'm running an ACE 4700 appliance, i have a 4 server serverfarm setup, non-ssl, with leastconns predictor...i have tried round robin as well, and nothing...
I've taken each rserver out of service, and placed back in, and still, the traffic is handed off only to 1 server...
I do have sticky persistence (IP subnet)...
We are evaluating the one-arm design for the ACE 4700 and need some clarifications:
1. Are there any limitations in the one-arm design and the SSL offloading
2. Can the ACE be configured with an IN and an OUT vlan to the router
CLIENT -> Router -> ACE IN -> ACE OUT -> Router -> Server Vlan
so that the SSL and the clear text traffic is in a separate Vlan?
3. In some sample configuration i saw SNAT configuration on the ACE to modify the client IP. This i assume is for instructing the return traffic from the server to go through ACE? Using SNAT we eliminate the requirement for NAT or PBR on the router? Will i still be able to insert the client IP address after the SSL offload?
I have a client that I recently replaced their GSS's for and last evening I cut them over to an HA pair of ACE 4700's. After about an hour, it looks like the GSS and ACE stopped communicating with each other. When this happened, they switched back over to the old CSS appliances and everything came back up fine. Apparently this happened the last time they tried to cutover to the ACE and they contacted TAC. TAC told them the issue happened because the GSS's they were running at the time were EOL. So now, with brand new GSS's, they are experiencing the same issue.
As of now, the ACE's are offline and I cannot get into them to see what the issue may be. We tested the sites out last night after the cutover and everything seemed fine. There was one minor problem that I resolved quickly, but that was it and then we left. The client started getting emails about an hour later about their main website being down. They do have the ACE logging to a syslog server, so we will look at that to see if there is anything relavent. I suggested that we bring up a test site to use through the GSS/ACE and see what happens. They have another CSS that they can run their sites through, so this option will work without taking down all of their other sites.
How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
View 7 Replies View RelatedIm trying to configure an ACE 4700 so that SSL termination is done on the ACE and HTTP reaches the weblogic server instance. I have a working setup of a Apache reverse proxy doing SSL offloading and using a weblogic module and that works fine Was reading [URL]. Any working config example for doing this with the ACE4700
View 2 Replies View Relateddo you know what happens if you reach the limit of, for instance 100 Mbps, compression. I know that if you reach the bandwidth limit ACE will drop packets but if you configure compression what happens if you have 110 Mbps.
I supossed that ACE will compress 100 Mbps and leave 10 Mbps without compression but I don't find this information anywhere.
I've configure two ACE 4700 in a SLB modus http to a web server.To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?
I am currently experiencing a problem while trying to import multiple 4710 ACE Appliances into ANM. ANM version is 5.2 and ACE 4710 Appliances version is 5.1.2. The error message is the same for all Appliances (currently 14, more to be deployed this year, another 12 this year). The management class, policy-map and service policy are all in place.
View 1 Replies View RelatedAny info about Exchange 2013 and ACE SLB functions. I know they changed to RPC over HTTPS on exch side and few other items changed as well. Any feedback from a production deployment.
View 1 Replies View RelatedWe now have a new requirement . We are replacing existing pair of CSS with ACE 4710 appliances. The problem here is that I can see from the configuration that some SSL certificate installed in CSS .Is it possible to transfer the existing SSL certificate from the 11503 to the ACE? Or, do we need to generate a new key pair and CSR on the ACE? Is there any document available to know the steps for the same.
View 2 Replies View Relatedhow to install a certificate (.p7b and .crf) on my second ACE in a HA pair.
On ACE01 i generated a CSR and gave the details to our SSL provider, they provided the certificates and i imported them. All good there.
How can i install the same SSL on ACE02 if i haven't generated a CSR on my backup devicde, or do i generate a CSR and import the same certificate?
Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and i think this is because the SSL certificate is not installed correctly on the second ACE02.
During our recent pen test, it was discovered that the GSS appears to be running what could be considered a "weak" cipher:
"SSL Weak Cipher Suite Supported - The web servers tested supports the use of weak SSL ciphers."
I've logon to the GSS but was not able to find the directory where the apache confs were stored (/cisco/merlot/apache)
My question is, can the cert and private key on the GSS be replaced by a new cert and key with stronger encryption?
I have an environment with SSL termination and client authentication with a client certificate. Now, the backend server application needs to be informed of the client DN information present in the presented client certificate. Is it possible to tell the ACE to send specific client certificate fields to the backen server via insertion of an HTTP header or, to forward the entire client certificate in any way to the backend server ?
View 2 Replies View RelatedI generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies View RelatedThere is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
would it be the change on GUI? So now where i can import the CA certificate to ISE?
I have a Hp 4700 all in one wireless printer. I am able to print with no problem. I just can't copy or scan. when you first turn the pritner on it comes up with a scan/copy error. I have tired everything and nothing works.
View 1 Replies View RelatedCable modem connected directly to a Dell Vostro laptop works fine. Same cable reconnected to Dell Dimension 4700 is not working. This has all been working fine for years - usually I have a wireless network with the 4700 connected to the router by Ethernet cable, and the Vostro connected by wireless, but I have removed the router to close in on the problem.First, I am not sure if my ip settings are correct. This is the output from 'ipconfig /all' [CODE].
View 5 Replies View RelatedI would like to use the NCS 1.2 to monitor Juniper SRX 210 firewall. When I try to import the MIB File from NCS, which show "Error: Failed to load MIB File "mib-802" because it is not in the resource path.what I can upload the MIB File from Juniper. [code]
View 0 Replies View RelatedI have 8 2504 controllers and each needs to have a minimum of 20 MAC addresses added. I would rather not add them one at a time but I don't see any features that allow for an import. Any way to do the import?
View 2 Replies View RelatedI'm trying the csv file import and getting some errors.
010-12-07 14:23:47: File Format Validation Completed2010-12-07 14:23:47: Import Started
2010-12-07 14:23:47: Record number: 1, Host 01-02-03-04-05-06: Import Failed2010-12-07 14:23:47: null Import process failed for unexpected reason: Unknown error has accurred.2010-12-07 14:23:47: Import Completed With errors
-------- Summary --------Total Number of Records Processed:1Number of Records Failed:1Number of Records Imported:1---------- End ----------Please refresh the table to see the changes.
On some other tries I get null field or missing fields.
It actually creates the host, but on editing it I get the following message:
An unexpected error has occurred. To continue your work, reselect the option in the left navigation bar.If you continue to receive the unexpected error message, close your browser and log in to ACS again.If you still receive the unexpected error message, contact your system administrator or technical assistance.
MACAddress:String(64):Required,description:String(1024),"enabled:Boolean(true,false):Required",HostIdentityGroup:String(256),VLAN:String(256):Required,attr-Expiration Date:Date(yyyy-Mmm-dd)01-02-03-04-05-06,AAATest,true,,Guest,2010-Dec-08
i tried to import a IOS from a network device into the software repository but the job fails with the following line in the log:
sw-10-ed24#
sw-10-ed24#dir /all flash:
Directory of flash:/
[Code].....
The chosen protocol ist SCP and the option "Use SSH for software image upgrade and software image import through CLI(with fallback to TELNET)." is enabled.
I have an SG200 switch and am trying to import a certificate signed by my own CA. I generate the CSR and sign it using Java's key tool with my own root cert. When I attempt to import the resulting cert, the switch blanks out the certificate text box and deletes all of my d name data (CN, etc) from the switch. What am I missing?
View 2 Replies View RelatedI have 2 PIX 525, which one of them, step and active failover mode the other PIX 525, leaving this off, do not know what happened may have been a power outage, but in any case I can turn it back on? And the other question I have is if I can import a configuration that I have saved on my computer. i have the PIX device manager.
View 11 Replies View Related