Cisco VPN :: ACE-4710s To Setup Sticky Entries On Server Response Only

Aug 22, 2012

I've been using my pair of ACE-4710s for quite some time and have usually stuck to the Class C Subnet sticky settings, as that's what we migrated from in Windows NLB.  In one instance of load balancing I'm trying to create an L4 inspection policy that looks for a certain payload (much like a http header) and would like to persist on this.  The problem is that the client portion of the conversation starts with a 'SessionID' of 0, and the server responds with a unique 'SessionID'.  If I setup the sticky policy with 'Enable Sticky For Response', I get entries populated in the sticky database, but they all go to the same server as there is a sticky session setup for the SessionID = 0.  Is there a way to setup sticky entries on server response only? Currently using ACE DM v4(1.0).

View 10 Replies



Cisco Application :: Ace 4710 Response Sticky Only

Dec 15, 2011

I've been using my pair of ACE-4710s for quite some time and have usually stuck to the Class C Subnet sticky settings, as that's what we migrated from in Windows NLB.  In one instance of load balancing I'm trying to create an L4 inspection policy that looks for a certain payload (much like a http header) and would like to persist on this.  The problem is that the client portion of the conversation starts with a 'SessionID' of 0, and the server responds with a unique 'SessionID'.  If I setup the sticky policy with 'Enable Sticky For Response', I get entries populated in the sticky database, but they all go to the same server as there is a sticky session setup for the SessionID = 0.  Is there a way to setup sticky entries on server response only? Currently using ACE DM v4(1.0).

View 8 Replies View Related

Cisco Application :: No Sticky Database Entries Seen With End-To-End SSL And Cookie With ACE30s

Sep 10, 2012

We've got ACE30s (active/standby) running A5(1.2), and a context that's front-ending one of our major applications, doing SSL termination on the client side and SSL initiation on the back side:
 
parameter-map type ssl FrontEndSSL-Param
  rehandshake enabled
 
parameter-map type ssl BackendSSL-param
  authentication-failure ignore
[Code]...

View 4 Replies View Related

Cisco Application :: ACE 4710 Shows Over Weeks Dramatically Increasing Sticky Entries

Jan 24, 2013

I have a strange effect on my ACE 4710. It load-balances, normally reliably, only 14 web services.
 
It's running on SW A3.25. For several weeks I have noticed a dramatic increase in sticky entries. So when running into limits (the stolen-for-reuse counter increased then) (show np 1 me-stats "-slb -v") gave more and more resources for sticky ... last it was at 65% and ran into limits again at around 650500 sticky entries.
 
So I began to find out which of the services was affected with the most sticky database entries and could identify it. There were really around 640000 entries to be seen for that specific service.
 
The sticky for that service was defined to look at a specific cookie in the http header and the timeout defined is 120 minutes.
 
So around 45000 entries were to be seen with a "show sticky database group Cookie_Sticky" with a time-to-expire value of zero in the database, as the following example shows:
 
timeout      : 120           timeout-activeconns : FALSE
sticky-entry          rserver-instance                 time-to-expire flags
---------------------+--------------------------------+--------------+-------+
13765297814690832647

[Code]....

When I modified my sticky definition with the command "timeout activeconns", all the zero entries were kicked out and the resources used for sticky went back to 5% of usage...

View 1 Replies View Related

Cisco Application :: ACE 4710 / Sticky Serverfarm / All Connections On One Server?

Nov 2, 2011

We are using a sticky serverfarm with 2 real servers; one server was down for maintenance for an extended period of time. When it came inservice again it was not getting any connections. Is it because all the connections had stuck to the other server? We want sessions to be sticky but we also want to LB. I got it working by bouncing the server that had been online all the time. Things started to LB then. BTW the ACE 4710 is running 4.2.1

View 1 Replies View Related

Cisco :: EZVPN Cannot Get Any Response From Server

Jul 24, 2012

I try to set up EZVPN server. I cannot get any response from server.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 No Authoritative Response From Any Server

Nov 1, 2010

I'm having an issue with the tacacs server (ACS 4.2); I did the following test from the router:
 
Router1#test aaa group tacacs+ cisco cisco legacy
Attempting authentication test to server-group tacacs+ using tacacs+
No authoritative response from any server.

I can ping the ACS server from this router though.

View 6 Replies View Related

Ping Test Failed / DHCP Server But No Response

Jan 28, 2013

I connect to the wireless box and have full signal but an exclamation mark is present. I have run some tests and the IPv4 and IPv6 say they have no internet access. I also ran a full test and everything passed except the ping test, which failed and said: no response:default gateway response: dhcp server. It suggested disabling the security firewall but I'm not sure if that's the correct thing to do or even how to do that!

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 - Can't Contact AD Server Slow TACACS Auth Response

Sep 28, 2011

Running ACS 5.1 appliance, and am seeing slow response on TACACS authentications due to the ACS trying to reach overseas AD servers and failing.  Is there any way to configure a /etc/host/ file locally on the ACS in order to force the appliance to use specific AD servers for authentication?  As I understand the process currently, the ACS appliance will query the top-level domain and get a list of all the AD servers in DNS.  In my case, this would include the AD servers overseas that we do not want to use.

View 1 Replies View Related

Linksys Wireless Router :: WRT54GS - Unable To Get Response From Server For Flash

Nov 9, 2011

I am trying to recover a WRT54GS v1 router from a bad flash. The power light is blinking and it would not accept pings. Since I figured it was already hopeless, I attempted shorting pins 15 and 16, which caused it to start receiving pings. My problem is it won't accept the tftp flash; I've tried both cmd prompt and the auto upgrade utility. The upgrade utility says "Unable to get response from the server", however it is still accepting pings. Cmd prompt TFTP says it can't read from local file. I am using Windows XP. Code...

View 3 Replies View Related

MSCHAPv2 / Setup Secure VPN Server Using Windows Server 2012 Without Domain?

Jan 10, 2013

I've been using a VPN to connect to my home network from elsewhere for a few months. It's set up as follows:

PPTP
Maximum Strength Encryption
EAP-MSCHAP-v2 Authentication

Now I find out that MSCHAPv2 authentication has been broken and is no longer considered secure (even by Microsoft), so I want to change the protocol I'm using to make it secure.

However, I've spent 3 hours now researching this and I cannot for the life of me figure out how to use a better protocol on my Windows Server 2012 home server. I've tried setting up PEAP authentication (still PPTP) a la Microsoft's recommendation document, but it requires a certificate. I've created a self-signed certificate but it seems I can't issue certificates (via this method) without being a member of a domain, so I'm stuck. I can't even get started with L2TP since I can't find the option for it.

My question is this: Is there a way to setup a secure VPN server using Windows Server 2012 without a domain? If so, how do I do this?

View 1 Replies View Related

Cisco Application :: ACE 4710 Sticky Database

Apr 7, 2013

I am considering using IP sticky timeout, but have a quick question about the database, is the 800,000 sticky connection per appliance or per context?

View 1 Replies View Related

Cisco Application :: ACE 4710 SSL Cannot Configure Backup Sticky Network

Sep 24, 2012

I'm looking for some documentation I can share with a customer to explain why I can't configure them a back-up sticky server farm when we're not terminating SSL on the ACE (we pass SSL from the client through to the rservers, sticking the client to the rserver by source IP address).  I've not been able to find anything that addresses this particular scenario in my googling so far.  I remember discussing this in my training class with the instructor, but I can't find any reference to it.  Have any of you run into this and have a link they can share?

View 7 Replies View Related

Cisco Routers :: RV042 Smart Link / Failover Is Sticky

Apr 16, 2012

RV042 in Router mode. WAN1 preferred. With Smart Link it seems to work to a point. When WAN1 fails, it fails over to WAN2. But then it gets stuck on WAN2 and I have to manually switch to WAN2 preferred and then back to WAN1 preferred to get WAN1 connection to return. The test IP addresses should be just fine as set.
 
Is there something I should be doing differently?

View 8 Replies View Related

Cisco Application :: 4710 - HTTP-Cookie Sticky Not Working

Feb 1, 2012

I have a requirement to load balance OWA 2010 inbound connectivity to 2 CAS servers using an ACE 4710 with sticky sessions enabled.
 
The CAS servers are currently responding on 80 or 443 at this moment in time. Eventually I want to offload the SSL to the ACE 4710; it's currently running on the CAS servers. I need to enable sticky sessions to keep the session to the same CAS server for each internet based connection. I also have a proxy enabled for inbound connectivity so I cannot use source IP.
 
Here is my configuration but it doesn't seem to be working; I am currently testing with port 80 connections, not SSL.
 
serverfarm host INHOUSE-EXCHANGE-OWA-vFARM
predictor response app-req-to-resp samples 4
probe 443
probe HTTP-PROBE
rserver INHOUSE-TEST-CAS01-SVR
   inservice(code)

View 12 Replies View Related

Cisco Application :: ACE 4710 Cannot Confirm HTTP Cookie Sticky Connections

Jan 8, 2013

We are using an ACE 4710 with A3(2.6) software release. I had to change our sticky load balancing method for HTTPS to cookie based. However, while connections appear to work, if I look at the show sticky database table I cannot see or confirm sticky entries for the cookie based connections. Here are config snippets to show the config:
 
sticky http-cookie ghh-www scook-ghh
cookie insert browser-expire
serverfarm ghh-www-443
class-map match-all ghh-www-443_CLASS
2 match virtual-address 172.16.1.21 tcp eq https

[code].....

View 22 Replies View Related

Cisco Wireless :: WLC 8500 / Sticky Key Caching Flexconnect Access Points?

Jun 13, 2013

The wlc config guide of Release 7.4 states that sticky key caching (useful with Apple devices) is supported at AP in local mode. [URL] I am testing the new WLC 8500 with 7.4.100.60.

AP mode =  FlexConnect

The wlan I activated skc on is centrally switched. I debugged the iPhone (4S) roaming. I think skc works at centrally switched vlan on flexconnect APs.
 
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Reassociation received from mobile on BSSID 00:16:9c:ba:a9:b6
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Global 200 Clients are allowed to AP radio
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Max Client Trap Threshold: 0  cur: 23
*apfMsConnTask_1: Jun 14 14:15:17.069: 30:39:26:2c:d3:ee Rf profile 600 Clients are allowed to AP wlan

[code]....

View 4 Replies View Related

Cisco Application :: ACE10-6500-K9 / How Static Entry Under Sticky Performs

Jul 26, 2011

How a static entry under a "sticky" performs

Configuring Static IP Address Sticky Table Entries
Cisco documentation says: When you configure a static entry, the ACE enters it into the sticky table immediately.

Configuring the ACE Action on Server Failure
failaction purge # The purge keyword specifies that the ACE remove the connections to a real server if that real server in the server farm fails after you enter the command. The ACE sends a reset (RST) to both the client and the server that failed.
Cisco documentation says: If you do not configure this command, the ACE takes no action when a server fails.
 
sample config
sticky ip-netmask 255.255.255.240 address source STICKY1
  timeout 180
  replicate sticky
  serverfarm SERVERFARM1
  8 static client source 192.168.12.15 rserver SERVER1
  
Question1 - What happens if SERVER1 fails?
 
a) Does the ACE let the connections to SERVER1 time out (default behaviour) and then load-balance new connections coming in from 192.168.12.15 to another server in SERVERFARM1?

OR b) Does the ACE reset the connections to SERVER1 immediately and start load-balancing new connections coming in from 192.168.12.15 to other servers in SERVERFARM1?

OR c) Does the ACE just drop the current and new connections from 192.168.12.15 till SERVER1 comes back up?

OR d) Is it dealt with differently?
 
Question2 - Now what happens if the failed server (SERVER1) comes back up after some time?
 
e) Does the ACE reset any current connections from 192.168.1.15 and start sending them to SERVER1?

OR f) Does the ACE leave the current connections from 192.168.1.15 to other servers in SERVERFARM1 as they are and send any new connections from 192.168.1.15 to SERVER1?

OR g) Is it dealt with differently?
 
My guess is Question1 -> a) and Question2 -> e)
 
ACE model =  ACE10-6500-K9
Version =  A2(3.3) 

View 4 Replies View Related

Cisco Switching/Routing :: 2950 Error Would Be That Sticky Command Doesn't Exist

Jun 5, 2013

I'm having an issue with port-security on a cisco 2950 switch. The port-security is set up to use sticky mac-addresses and was working just fine. Recently when a computer was changed out and I needed to clear the security on the port it wouldn't let me. I would type clear port-security sticky int fa0/## and it would give me an error. The error would be that the sticky command doesn't exist. So I went back and typed clear port-security ? and the only option was dynamic. Even if I try to take the port security off the switch it won't let me; it never shows the option for sticky. If I change the maximum number of mac-addresses allowed the computer will work, but I can never clear the old addresses out.

View 3 Replies View Related

Cisco Switching/Routing :: ME3600X Is Switchport Port-security Mac-address Sticky Available

May 5, 2012

Our customer has a Cisco ME3600X with the IOS me 360x-universalK9-mz.122-52.EY3. They are saying that it is not possible to configure the "switchport port-security mac-address sticky" in the interfaces and want to know whether any additional license is needed. As far as I know there isn't any extra license to activate this feature and also I believe the ME3600 switch should have this feature with the universal IOS, isn't that right?

View 1 Replies View Related

Cisco :: Setup NTP Server Using 2811?

Sep 30, 2012

I've set up an NTP service by using Cisco 2811 routers. This works fine at the moment, but in the end there are some questions left.
 
1. I'm using two 2811 Routers, one for primary, which is receiving the time from PUBLIC NTP 1, and one for backup, which is receiving the time from PUBLIC NTP 2. Is it possible to compare these two times and check if they match? And if not, generate an alarm via e.g. SNMP?
 
2. Is it possible to check via SNMP if the routers are reaching PUBLIC NTP 1 and PUBLIC NTP 2 for sync?

View 3 Replies View Related

Cisco WAN :: 5505 With 9.1 VPN Server Setup?

Mar 17, 2013

ASA 5505 Sec plus lic w/OS 9.1
 
I want to setup a quick and simple VPN server on my ASA. I want to do local authentication and, once authenticated, I want to allow all internal access. I only have 1 WAN IP. I'm finding a ton of conflicting info online. The ASA is already setup and is operational. I just need the correct commands to setup the VPN.

View 6 Replies View Related

Cisco WAN :: Setup VPN Server On 1841?

Oct 11, 2012

I have setup a VPN server on cisco 1841 and dialed through pc, it worked fine. But when I dial through another ISP it is not working. It can establish VPN but it can't pass traffic through VPN, what may be the problem. The configuration is same and I can access Internet through this ISP.

View 4 Replies View Related

Cisco :: Setup Syslog Server On LMS 4.0?

Mar 4, 2012

I am trying to setup syslog server on LMS 4.0. Everything seems to be working fine but I have a lot of strange logs in my syslog.log file. Every single day I receive logs like:
 
Mar 05 09:31:03 127.0.0.1 100: <30>   dmgt[1136]: 3007(I):Started application(1015) "e:CSCOpxincwjava.exe -cw:jre lib/jre -cp e:CSCOpxMDC omcatsharedlibMICE.jar;e:CSCOpxMDC omcatsharedlibNATIVE.jar;e:CSCOpxMDC omcatsharedlibjdom.jar;e:CSCOpxMDC omcatsharedlibxalan.jar;e:CSCOpxMDC omcatsharedlibxerces.jar;e:CSCOpxMDC omcatcommonlibservlet.jar;e:CSCOpxMDC omcatsharedlibcastor-0.9.5.jar;e:CSCOpxMDC omcatsharedlibcastor-0.9.5-xml.jar;e:CSCOpxlibclasspath;e:CSCOpxwwwclasspath;wwwclasspathvbjorb.jar;MDC omcatwebappsupmWEB-INFclasses;libjrelibendorsedjacorb.jar;MDC omcatwebappsupmWEB-INFlibctm.jar;MDC omcatwebappsupmWEB-INFliblog4j.jar;MDC omcatwebappsupmWEB-INFlibjep-3.2.0.jar;MDC omcatwebappsupmWEB-

[code]....
 
I don't want to get any logs from 127.0.0.1. Is it possible to filter out logs from server?

View 3 Replies View Related

Cisco VPN :: 871 PPTP VPN Server Setup

Mar 9, 2012

I am trying to configure a Cisco 871 to act as a PPTP VPN server on my home network. I have referenced Cisco's documentation regarding this which I will include below as well as a copy of my current running configuration and terminal monitor information from when I attempt to establish a connection.
 
When I attempt to connect from a Windows machine I receive the following error: 'Error 807: The network connection between your computer and the VPN server was interrupted.' 'The remote device won't accept the connection.' When I attempt to connect via my mobile, I get 'The server has hung up'. The 871 does detect the incoming connection, which can be seen from the terminal monitor output: url...

View 2 Replies View Related

How To Setup Proxy Server

Sep 23, 2011

How would I set up my own anonymous proxy server with my own ip address without having to go on a proxy list site? I don't care how complicated or time consuming it may be, I'm a very fast learner and I do things extremely quickly.

View 3 Replies View Related

How To Setup A Home Server

Sep 4, 2012

I host a minecraft server for my friends, but I always have to give them my ip every time because my ip changes everyday, and that is really annoying.

View 11 Replies View Related

How To Setup A Server Network

May 14, 2012

I need a guide to set up a server network.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: How To Setup Sync Between Two New ACS Server V5.3

Dec 4, 2011

I set up one acs v5.3 in one server in NYC and another acs v5.3 in SJC. I want to make the acs.nyc as primary and acs.sjc as the secondary; how do I set it up?

View 1 Replies View Related

Cisco Firewall :: Syslog Server Setup Pix 6.2?

May 9, 2011

I need to setup a syslog server for PIX w/ 6.2 and was hoping to get detailed instruction how to go about it. I would like exact syntax w/ an example on the pix and any configuration on the computer that will be receiving the log info.  I have downloaded tftpd32 onto computer

View 1 Replies View Related

Cisco WAN :: Http Web Server Setup - 861W

Mar 20, 2011

we are having some trouble setting up our router (Cisco 861W) webserver on the LAN so that it can be accessed from outside (http via port 80). When we try to access it via the web address, we just get the login window of the Cisco router software?

View 10 Replies View Related

Install And Setup Dhcp Server?

Oct 30, 2011

I've made an ad hoc hotspot and then my client tries to connect to my hotspot but it must be set manually... How can my client connect to my hotspot automatically, not manually? And how to install and set up a DHCP server in Windows 7...

View 6 Replies View Related

Setup A Network Storage Server

Dec 25, 2011

show me the necessary steps and a type of hardware/software to buy to setup a network storage server that allows me and my family to access/share all files from anywhere thru the internet?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved