Cisco Application :: Health Probe For RDP Farm 3389
Aug 19, 2012
I have an RDP server farm that lost a disk. The RDP service was still running but users were unable to log in. I'd like to create a health probe that does maybe a combination of TCP probe for port 3389 and something that can determine if the drive that stores user profiles is available.
I cannot add any new service (http or ftp) to the server. Is there any way I can check SNMP mibs on the windows server or maybe WMI through TCL?
View 1 Replies
ADVERTISEMENT
Oct 16, 2011
We have an ACE 4710 providing load balancer functions for 2x websites. Is there a way to set up a probe to look for an image on the homepage of the website to deem the site is available.
View 4 Replies
View Related
Feb 2, 2012
Is there a way to rename a server farm, health probe, real server or virtual service without having to completely rebuild it? I'm running 3.0(A3).
View 2 Replies
View Related
Oct 14, 2012
I have a VIP, which is listening on port 8312 in ACE LB and NO probes attached to it. In this scenario how does the ACE module perform the health monitoring ?
View 4 Replies
View Related
Jul 5, 2011
I have a requirement to select a farm based on source IP address. I tried creating a match all class-map that matches on the virtual-address and source address but I get this message.LB01/Admin(config-cmap)# match source-address x.x.x.75 255.255.255.255 Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type To me this is the only place where it makes sense to set the source match criteria.
View 2 Replies
View Related
Jan 23, 2013
I have four ACE 4710. Each pair of ACE is in one geographical location. Probes are configured so that it is checking regular regex (HTTP GET).When there is need rserver update we change text in our testpage.html (for ie. from "OK" to "SUSPEND" ) so that probe detect fail. In fact rservers are still operational, but should not accept new connections. This works fine. BUT I observed that established connection/sessions did not end up after probe fails. ACE probably wait for openned/established connections to end up and it is what I am askign for.What happens if probe fails but in fact rserver is operational? I thought that if probe fails it also end up/cut all established connections to rserver. But seems it is not true.
View 2 Replies
View Related
Mar 5, 2013
I have an HTTPS probe that sometime fail, sometimes does not fail.
[code]....
The probe that sometimes fails is the TEST-HTTPS. The TCP_443 probe works perfectly well.The ACE is configured in bridge mode.Is it possible to capture the PROBE traffic on the ACE side?
View 7 Replies
View Related
May 13, 2013
I have a physical server running behind the ACE module ACE20-MOD-K9. The Server has several virtual machines. One of that virtual machines, has a WEB SERVER running virtual https servers. For example, server with IP address 10.0.0.20/24, has serveral virtual HTTPs servers as of urll... So, if you nslookup the servers, they all respond with 10.0.0.20 IP address. So if I do url...goes to 10.0.0.20 and read the VIRTUAL SERVER config and replies back to the request.Now, I am trying to verify that the TCP connection (443) and the HTTPS server itself is up and running but only for the url... site and not for the other 2.The problem that I am facing is tha the HTTPS probe fails randomly. The TCP probe works fine.
View 1 Replies
View Related
Jun 19, 2012
I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.Scenario: We have an url which is setup on our ACE4710s (A3 2.4) to load balancer to a particular server farm as per standard setup i.e.Customers access [URL] on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up. However, I have eeen asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
Action 1 - Customers access [URL] is redirected to "Server_A" only
Action 2 - Customers access [URL] is redirected to "Server_B" only
Default Action - Customer access [URL] anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
The Standard Class Maps and Policy would be something like:
policy-map type loadbalance first-match SLB_WEBSITE
class class-default
serverfarm SF_WEBSITE
Where I thought I would need something like:
class-map type http loadbalance match-all CMAP_AREA1
description CMAP used to capture specific URL for area 1
2 match http url /area1
class-map type http loadbalance match-all CMAP_AREA2
description CMAP used to capture specific URL for area 2
2 match http url /area2
[code]...
I think the above method is ok for 1 instance, but if it test successfully, my company would want to to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.
View 7 Replies
View Related
Aug 31, 2011
I have been tasked to provide SSL(HTTPS) access to a server farm that will be accessible from the internet. Is this the correct guide to follow?
[URL]
I am assuming I will need to purchase a certificate to import into the load-balance r as well.
View 1 Replies
View Related
Feb 27, 2012
ACE 4710 software A3(2.7) [code] Why is the fail-on-all option missing from the serverfarm that is of type redirect? This option is something that I would actually need in a certain situation.
View 1 Replies
View Related
Feb 26, 2011
I want to configure my ACE so that if a probe fails, it fails over to the backup rserver, BUT it won't failback to the primary rserver until manual intervention is complete. The problem is we don't want an rserver to fail and failover to secondary, then failback to primary, repeat... (flip-flopping). I want to be able to have time to get on the server and find out what may have caused the probes to fail before it fails back.
View 4 Replies
View Related
Feb 26, 2011
is PC health pack safe to use
View 1 Replies
View Related
May 23, 2011
I'm a C# programmer and as part of my software I need to monitor some Cisco Catalyst 3560V2 24 switches using SNMP (By reading MIB/S data).Apparently this switch supports more than 50 different MIBs.My question is which MIB/MIBS contains general health data (parameters) that may determine if the switch is OK, Degraded or Malfunctioned.
View 0 Replies
View Related
May 2, 2012
I am working as a Network Administrator. Here I have to manage Cisco Switches 2960 and 4500 Series, Active Directory, Database Server, Exchange Server, File Servers, IP Telophony, Fortigate Firewall, 2960 Router, Wifi availability within Company. Although, in case of any disaster we will contact to vendor for solution, but the management told me to deploy any Software/Network Monitor which will facilitate to manage all this, i.e, overall network Health check, Performance Measurement, Fault Tolerance.
View 2 Replies
View Related
Jan 24, 2013
how the CDP device sensor probe works with ISE ?What I am trying to do, is to identify different Cisco Wireless Access Point models (i.e. LAP 1142) with ISE.Since the APs do speak CDP (I can see the AP devices on the switch), this should be possible with the CDP device sensor on the switch, shouldn't it I have done the following so far: Configured the switch to talk to ISE via radius accounting: [code] Should this config make the switch send CDP information about connected devices to the ISE (via radius accounting) ?How do the device sensors work ?
View 6 Replies
View Related
Jan 23, 2013
I have faced a problem with configuring Cisco 3750G series switches as Sever farm switches with redudance.
servers have 2NIC (1GBps) and both are bridged for redundant connections.In both switches all ports get green coluor except one port on Secondary SW. I saw some Spanning tree block port status on that switch.when i type Show cdp neghbor command on switch i can see other switch through a server connected port. Also Spannig tree root bridge election is occured through that port . Simply i need to configure both switches to pass traffic through there uplinks them selves.. but it seems like Secondry switch pass its traffic through primary switch ( i think according to STP ) usinginterconnection of bridge port of a server. [code]
View 1 Replies
View Related
Jun 3, 2012
192.168.1.10 --> ASA 1-----> ASA 2-------> ASA 3----> server (172.21.16.15)
We have opened 3389 , 80 & 445 ports on all firewalls ( ASA 1, ASA 2, ASA ) for server (172.21.16.15) from (192.168.1.10).We are able to see connection in ASA 1 under show connection for 3389, 445 ,80.
We are not able to see connections in ASA 2 & ASA 3 under show connection for 3389. But we are able to see hits in ACl.
View 3 Replies
View Related
Mar 5, 2012
I have a PC attached to a standard 192.168.1.1 router with port forwarding turned on. The PC has an IP of 192.168.1.10 and I have Port 3389 (RDP) on the router forwarded to that PC's internal IP.
I currently have a DynDNS hostname, example.dyndns.org, and I type that into MSTSC (remote desktop) whenever I'm traveling.
But, is there a better way of doing this? The IP of the PC is not static, but it rarely changes. I do have a domain registered with GoDaddy and have full access to DNS records.
View 19 Replies
View Related
Mar 9, 2012
I'm trying to get my ASA 5505 (IOS 8.4) to work, but got stuck on NAT because I would like to allow 3389 access for just a couple of WAN IP's. This is what I found so far:
(config)# object network Internal_RDS(config-network-object)# host 192.168.1.10
(config-network-object)# nat (inside,outside) static interface service tcp 3389 3389(config-network-object)# exit
(config)# access-list inbound permit tcp any object Internal_RDS eq 3389
(config)# access-group inbound in interface outside
But this will allow all WAN IPs to access 192.168.1.10 over port 3389 I guess? I would like to allow only some WAN IP's
View 4 Replies
View Related
Aug 3, 2011
So from a security standpoint... PPTP through Windows RRAS then RDP to the server?,Open port 3389 to the server and rdp direct? would think that having a VPN out front would block people from attempting a connection, but if the VPN username and RDP username are the same, I feel like its about the same.
View 7 Replies
View Related
Jul 29, 2011
I have a current issue with my 2008 R2 machine.I cannot get Remote Desktop to work. Client machine is Windows 7 Ultimate, windows firewall on the Server machine is disabled, Telnet to port 3389 works (as in, it doesn't error out it gives me a blank screen), the account I'm trying to login to is the only account on the machine (Administrator). Remote Desktop service is installed and set to allow connections on the less secure mode.
View 19 Replies
View Related
Apr 18, 2011
I would like to know how can we allow traffic on ports 3389 (rdp) and 8007 which comes from any to 192.168.2.10 but pretend to be a Phones interface 192.168.2.1? [code]
View 9 Replies
View Related
Nov 3, 2011
At one of our client premises they have an Cisco 1841 router. We need to connect from outside (other location in another country) with Remote Desktop connection port 3389 to an internal IP address ( a server).From any IP address it have to permit a connection on port 3389 to be forwarded to the server.
View 2 Replies
View Related
May 6, 2012
I would like to setup an cisco ASA 5505 to only allow certain IP's on port 3389, but i can't get it to work. Maybe some of you experts know why?
Here is my config:
ASA Version 8.4(3)!hostname cisco-asaenable password ** encryptedpasswd ** encryptednames!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.253 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address 95.*.*.* 255.255.255.248!ftp mode passiveobject network obj_anysubnet 0.0.0.0 0.0.0.0object network rdpuser-1host 46.*.*.*object network rdpuser-2host 48.*.*.*object network rdp-host-pchost 192.168.1.20object
[code].....
The allowed IP's are setup on user level (rdpuser-1 and rdpuser-2) .Still do, I can't connect to the server from any of these IP's...
View 6 Replies
View Related
May 15, 2011
we are not able to access port 3389 on host 10.45.4.2 over our vpn connection. vpn is up and running and we can access othet tcp ports on the host but not 3389. hereunder part of the config:
ip http serverno ip http secure-serverip nat inside source route-map SDM_RMAP_1 interface BVI1 overloadip nat inside source static tcp 10.45.4.2 18330 94.229.51.184 18330 route-map SDM_RMAP_2 extendableip nat inside source static tcp 10.45.4.1 3389 213.148.231.156 3389 extendableip nat inside source static tcp 10.45.4.1 5800 213.148.231.156 5800 extendableip nat inside source static tcp 10.45.4.1 5900 213.148.231.156 5900 extendable!access-list 1 remark SDM_ACL Category=16access-list 1 permit 10.45.4.0 0.0.0.255access-list 100 remark SDM_ACL Category=4access-list 100 remark IPSec Ruleaccess-list 100 permit ip 10.45.4.0 0.0.0.255 10.45.1.0 0.0.0.255access-list 101 remark SDM_ACL Category=2access-list 101 remark IPSec Ruleaccess-list 101 deny ip 10.45.4.0 0.0.0.255 10.45.1.0 0.0.0.255access-list 101 permit ip 10.45.4.0 0.0.0.255 anyaccess-list 102 deny ip host 10.45.4.2 10.45.1.0 0.0.0.255access-list 102 permit ip host 10.45.4.2 anyroute-map SDM_RMAP_1 permit 1 match ip address 101!route-map SDM_RMAP_2 permit 1 match ip address 102!!control-plane!bridge 1 protocol ieeebridge 1 route ip
View 6 Replies
View Related
Apr 22, 2011
Below is my show run of a Cisco 800 router (Two VLAN's, single WAN) that works fine. Problem is that in this senario port 3389 is open for everyone. Only two remote users are allowed to connect trough port 3389. Let's say WAN IP's : 22.33.44.55 and 66.77.88.99. How would a good access-rule look like to fix it?
no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice sequence-numbers!hostname cisco-867!boot-start-markerboot-end-marker!logging buffered 51200logging console criticalenable secret 5 ***!no aaa new-modelmemory-size iomem 10clock timezone GMT 1clock summer-time GMT date Mar 30 2002 1:00 Oct 26 2035 1:59!!no ip source-route!!ip dhcp excluded-address 192.168.10.200 192.168.10.254!ip dhcp pool Vlan2 network 192.168.10.0 255.255.255.0 domain-name dsl.local default-router 192.168.10.254 dns-server 213.144.235.1 213.144.235.2 lease 0 8!!ip cefno ip bootp serverno ip domain lookup!!!archive log config
[Code]....
View 2 Replies
View Related
Jul 12, 2011
RDP (port 3389) is not working on D-Link network - is there a setting in the d-link to allow this?
View 4 Replies
View Related
Dec 9, 2012
I'm trying to determine whether Cisco has any equivalent (in any platform) to some of the existing firewall rules within our iptables infrastructure. [code] What this does, is allow port forwards on port 3389/rdp. However, if a single IP opens too many connections within a timeframe, it starts dropping new ones.This is a critical requirements for certain security scenarios, such as preventing RDP brute forcing. A similar principle can be applied to 22/ssh.I've had a look around, rate limiting searches generally land me on QoS based discussions. I've seen people ask similar questions and get referred to CBAC. Whilst I can see similarly worded functions there such as limiting "half open" connections, I don't see anything there that limits the actual number of connection attempts you can make.
View 1 Replies
View Related
Jun 4, 2013
I've enabled RDP on a laptop, but I can't connect to it. Pinging the laptop works. nmap shows ports open, but not RDP. netstat on the laptop shows nothing listening on 3389. I've also tried rebooting. [code]
View 1 Replies
View Related
Aug 21, 2011
It's been a while since I've done a lot with a PIX config so what is the best way to allow access for 2 IP addresses that need to RDP into a server here inside our network. They also wanted to have ports redirected, 3391 to 3389 and 3397 to 3389.
View 12 Replies
View Related
Apr 18, 2012
1. I could not make an inbound access rule work for RDP. It is configured as follows WAN -> LAN for RDP (TCP 3389) , it didn't work even when I chose "All Traffic".
2. Single Port Forwarding seems to be working though.
3. Destination IP and QoS settings seem to be grayed out, I would like to know why.
View 2 Replies
View Related
Nov 7, 2012
I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels. Tunnels appear to work. I am lab'ing some additional controls that I would like to implement. On the Production Router that i plan to replace with the ASA's the current Tunnels are all wide open (all traffic allowed to pass). I was hoping to lock things down a little without having to reconfigure all of the Tunnels. My though was that an ACL on the Inside Interface blocking selected traffic Out (so into the LAN) should not impact the stability of the Tunnels but allow me to restrict some traffic from entering the LAN. One port that I was attempting to block is RDP 3389. When this ACL is applied to the inside interface it does not block Port 3389 at all. What am I missing? Is it that the trffic is being allowed because it is coming through one of my 'open' Tunnels?
Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 3389
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 135
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 137
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 138
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 139
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 445
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 389
access-list 145 permit ip any any
ip access-group 145 out interface Internal
This work great on a 2821 Router, but not so much on the ASA.
View 11 Replies
View Related
