Cisco WAN :: WCCP HTTP Access Timeouts With 3750
Jan 29, 2012
I have a web cache server, and I redirect all the HTTP requests to it using WCCP.
Everything works without a problem, however I have a monitoring system that every minute tests the access to some customer sites that are hosted inside our infrastructure.
As soon as I configured the WCCP the monitoring system complains of timeouts accessing those sites, about 20% of the requests start to fail (timeout).
I don't think it is the fault of the cache because in the WCCP ACL I exclude all traffic that comes from my monitoring system. However as soon as I turn off WCCP the monitoring system never ever gives timeouts accessing those sites.
Is there anything I should do in WCCP to tweak it? I have WCCP configured in my core gateway that is a CISCO 3750.
Jul 30, 2012
I am facing an issue with http login after an IOS upgrade on 3750 switches. I upgraded IOS from c3750-ipbase-mz.122-35.SE5.bin to c3750-ipbase-mz.122-53.SE2.bin. Any other command I have to run?
Jul 19, 2011
When the following was issued:
ip wccp 0 redirect-list wccp_acl group-list 10 password 0 ourpassword
Received this error:
MDT: %COMMON_FIB-3-FIBIDBINCONS2: An internal software error occurred. WCCP:0 linked to wrong idb Loopback0 (xyz node name)
When the following was issued 10 minutes later:
ip wccp 70 redirect-list wccp_acl group-list 10 password 0 ourpassword
No error msg (but now wccp was active). WCCP appears to be working but we are having problems connecting with our websense (7.6) box via GRE. Websense is connected to the 6509 which is connected to this 3750 switch.
Nov 21, 2011
I'm setting up a web cache using the wccp protocol on a Catalyst 3750 stack.
Probably missing something real simple here, but when I try to enter the ip wccp command from global configuration mode it just says "invalid input" from wccp. There is no such command. It should be supported on my device from IOS 12.2(37).
Mar 13, 2012
Today, my customer has 1 project that has to deploy a Cisco 3750 to redirect WCCPv2 to Websense Security Gateway. However, I can't execute "ip wccp redirect out" on the Cisco Catalyst 3750.
Jan 3, 2012
I would like to apply a policy-based route on one of our L3 switches (Cisco 3750) to change the next-hop of a couple of servers only. The VLAN where those servers reside has WCCP enabled on it. When I want to apply the route-policy to that VLAN interface it doesn't let me. When I try to apply the same policy to a VLAN interface without WCCP it does work. Are there any Cisco IOS limitations that would prevent me from doing that?
Configuration:
route policy config:
access-list 70 permit ip host x.x.x.x (server IP)
route-map PBR1 permit 10
[Code].....
Mar 22, 2011
I am configuring remote access VPN on a cisco router 3845. Works fine.
I was looking for configuring session and idle time configuration for groups and eventually users.
I am using the following Cisco VPN remote access configuration:
crypto isakmp client configuration group mygroup
key xxx
pool mypool
acl 101
max-logins 3
banner ^CHelloo ^C
Is there any command in cisco ios similar to Cisco ASA vpn group 1 session-timeout?
Dec 29, 2011
I have a customer who used to own a 3750 with an older version of IOS. The switch he had used a three year old version of IOS which allowed him to browse to the switch IP and manage it via HTTP without entering a password at all. Now he has a replacement switch with a new ver of IOS (since the previous switch died). We slapped the config on from the old switch but no matter what we do (understanding that new http aaa authentication commands were added) we can't get this thing to let him in without prompting him for a password. I understand this was an insecure config to begin with so I shouldn't be advocating using it in the first place, but this is what the customer wants. Basically what I'm trying to figure out is are we banging our heads into the wall for nothing as the "ip http server" will not allow an authentication method of "none" anyway? None of the official documentation I have read for the http aaa authentication cmds shows this as an example nor have I found any blog posts on how to do it either. Perhaps Cisco removed this by design.
Here is the config:
aaa new-model
aaa authentication login default local
aaa authentication enable default none
aaa authentication login none none
ip http server
ip http authentication aaa login-authentication none
[code]....
Sep 16, 2012
I have tried search but have not found anything for the 3750 switch about how to redirect HTTP, HTTPS & SMTP traffic to an alternative gateway, other than our standard gateway on our network, so here goes:
The network that needs the HTTP, HTTPS and SMTP traffic redirected is 192.168.5.0/24 and it should be redirected to 192.168.5.205, whereas all other traffic needs to be directed to 192.168.5.199.
Can the 3750 switch do this type of redirect, and if so, how? I cannot find anything on the Cisco site stating how or even if it is possible!
Mar 14, 2012
I am trying to mark http packets from a web server with DSCP ef, but when I am doing a traffic capture all http packets have tos 0x0. I am able to mark UDP and ICMP packets originated from this server, but not any TCP traffic. The web server is in VLAN 20. This is my config:
mls qos
ip access-list extended MARK-HTTP-ACL
 permit tcp host 10.10.10.10 eq www.
[code]
May 9, 2012
I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying an http inspection is dropping all outbound http traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
[Code].....
Mar 1, 2012
I cannot access http sites unless I manually write the prefix https. The issue is mainly on Wordpress blog pages and I have to keep writing https if I want to access other blogger's page. For the time being I am using Chrome's extension "Https Enforcer" which slows down my browsing speed but eventually the sites open. I have to disable it if I have to use google images. I use windows 7, Chrome browser, Pocket Modem.
Aug 5, 2012
I have a problem: I want to access my http server in my local network from outside.
192.168.2.42: it is my http server
195.X.X.X: it's my internet IP, but it was connected in eth 0/4
static (DMZ,Orange) 195.X.X.X 192.168.2.42 netmask 255.255.255.255
access-list outside-acl permit tcp any host 195.X.X.X eq 80
access-group outside-acl in int orange
But it's not good. Why?
Jun 20, 2011
I just upgraded my ASA 5585 cluster from 8.2 to 8.4. I also upgraded the asdm .bin from 6.35 to 6.43. After rebooting the cluster, I try to access it with ASDM installed on my computer but it is blocked at 17%. I tried to access [URL] but I just get an error (with IE & FF) [code] What did I miss in the configuration? I should specify that I never used the http page, I already had the ASDM installed from another ASA.
Jun 16, 2011
I try to access the WS-SVC-NAM-2 module in the Switch 6509. But it does not work although the HTTP port is enabled (I tested with the command telnet @ip 80).
I try telnet access to the module to check the config, but I always get the message that the login / password is wrong even though they are valid.
Mar 15, 2012
I installed the LMS as ova template on ESXi and be able to connect via SSH, but when I try to connect via http or https I got the following error.
Forbidden
You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Feb 23, 2011
configure my ASA 5505. It is setup using PPPoE. What I want to do is this:
I have one of my IP addresses (99.23.119.78) setup for ftp using the ftp protocol to our internal IP address 192.168.1.3. What I need is to also allow for HTTP access but not just that, I need it to forward the http port to port 9000 because the web interface requires port 9000 for customer access. Previously on our old firewall customers were able to access the web interface by browsing to [URL]. I would like to not have to not require the port in the URL.
In addition, I would like to be able to setup a different IP address in our range (99.23.119.73) to be setup for http access using the standard port 80 for the same internal IP address (192.168.1.3). This URL will allow us to access the administration web interface for the FTP server.
Here is my current config:
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password qVQaNBP31RadYDLM encrypted
passwd 2KFQnbNIdI.2KYOU
[Code].....
Aug 6, 2011
Situation: Slow internet access, after access keep getting waiting for HTTP, always see n items remaining. What can be done to speed up access? OS is windows 2003 R2, latest updates. [code]
Feb 22, 2013
I am trying to limit HTTP access to my server on the local network to a specific IP address. I create an Access Rule in the firewall section, however that doesn't work. The only way it works is if I add the internal IP address of the server to the Forwarding section where I create a new HTTP forwarding rule. However, that is not good because that allows ALL HTTP traffic to that server instead of just by the single IP address.
Dec 9, 2010
I was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgraded the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But, the issue is still the same.
My browser shows the error message as in the attached image.
PGA-Firewall-02# sh run
: Saved
:
ASA Version 8.3(2)
!
hostname PGA-Firewall-02
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif public
 security-level 0
 ip
[Code]....
Aug 21, 2011
I have a cisco 881 and configured it with http access, but when I try to open it in a browser it shows a blank page. Does the Cisco 881 support a GUI?
Feb 19, 2012
I configured 2960S switch as http server. I'm unable to access the switch GUI with non privilege 15 user, with privilege 15 user it's working.
Mar 10, 2013
Is there a setting where I can increase FTP session timeouts?
Oct 21, 2012
After replacing a Cisco CSS/SSL Accelerator and PIX firewall with an ACE 4710 to do load balancing and SSL encryption behind an ASA firewall we started seeing mangled HTTP requests in the Apache access logs for the servers in the server farm. This is occurring for several different URLs and not just the one above and for multiple web browsers. The ACE load balances to servers running Tomcat 7 with Apache HTTP server v. 2.2.14. A recent ACE software upgrade to A5(2.1) has not fixed the problem.
Dec 14, 2012
I am not able to access https sites (like banking etc.). Once I plug my old router back I have no such problem. I guess it must be router settings that I cannot figure out.
May 8, 2012
I'm trying to connect to an SMTP server using telnet via putty. Not just well known domains such as bigstring, aol, gmail, hotmail etc but also an endless amount of not known or not popular ones. The problem is that although nmap says that port 25 is open, I can not establish any connection to ANY SMTP server (it just times out). I have tried disabling my firewall and using a proxy, but it still doesn't connect and now I've run out of ideas. I also tried to disable my avast as well as a legally used ip switcher program to make sure the problem is totally independent from my ISP.
Mar 1, 2012
I am trying to remotely diagnose a troublesome ASA5505.
It is connecting via PPPOE and the original suspicion was that the PPPOE was going down during heavy loads during the day, i.e. 9am and lunchtime. I suspected MTU and have verified the MTU outside is set to 1492.
However further troubleshooting doing a remote ping to the PPPOE address indicates that this does not drop at all.
When remotely connected to the ASA my session dies and any outbound internet fails, then in a few minutes it comes back.
All the time the PPPOE line stays up?
One thought is that although the line does not go down it is being crippled with traffic and just getting so unresponsive it appears it has died.
Jan 17, 2012
Keep getting DHCP timeouts 169.254.x.x addressing. I think that the client laptop is not giving a response to the REQ from the DHCP server. Am I correct in my interpretation of the debug?
00:21:d7:93:f9:40 from Disassociated to Idle
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [00:21:d7:93:f9:40]
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 Username entry deleted for mobile
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 apfMs1xStateDec
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 Deleting mobile on AP 00:21:d7:93:f9:40(0)
*DHCP Proxy DTL Recv Task: Jan 18 13:48:37.073: 58:94:6b:d0:41:08 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 29, encap 0xec03)
*DHCP Proxy DTL Recv Task: Jan 18 13:48:37.073: 58:94:6b:d0:41:08 DHCP processing DHCP DISCOVER (1)
[code]....
Feb 15, 2011
We recently got a 10 meg dedicated internet fiber connection installed. I connected it to a PIX 501 firewall and everything worked fine (I tested it for a couple of weeks). A couple of days ago I got a new ASA 5505 and replaced the PIX with this device. It works, but every so often there seems to be a timeout when surfing the web whereby I click on a link and there is up to a 45 second wait and then the page loads quickly. I was not getting this before on the PIX so I'm assuming it's not a latency issue with the connection. I am the only one using this connection on the network so it's not to say that it's being bogged down. I want to roll this out to the other users on the network but not when this is happening. The configuration is below:
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
[Code].....
Aug 28, 2012
I got a problem on a customer which is using a Failover ASA 5510 pair with SSM-CSC-10-K9 modules. The clients have to connect to a webserver where they are doing some calculations. If they prepare everything and want to calculate everything, which takes some time, the session times out after about 3 minutes. My first idea was to set session specific timeouts which are a bit longer than the normal but this setting did not work. I created a policy which did not work for me. How to set connection specific timeouts? [code]
Oct 19, 2011
I have been having trouble with my DSL-2730B router. I am running a home network with a wired desktop connected via ethernet, two laptops, one desktop and three ipods connected wirelessly to the router. The problem is that at seemingly random times during the day the ability to connect to the internet is lost on all devices (wired or no). I also often lose the ability to connect to the router's homepage (settings) and upon inspection have found that when I ping the router I get time-outs (or sometimes destination host unreachable). This occurs on both wired and wireless at the same time and usually lasts anywhere from 10 seconds to 10 minutes at a time. I have reset the router numerous times including a reset via the web browser, unplugging the router and reconnecting and also have done a factory reset to attempt to solve the problem - all to no avail. As I am writing this I am using a different older router that so far (as of an hour) has not had the same issues. I should also mention that this happens regardless of which devices are currently on the network. I have had this problem with the wired-connection by itself and with my wireless laptop by itself.
Jan 4, 2012
I'm running 8.3 on a 5505. We've got a few ssh tunnels originating from inside to some place on the internet. It seems these tunnels are closed every n minutes. I've seen two recommendations for altering the timeout values, and what I am interested in is infinite timeout (0) for these SSH tunnels.
Suggestion 1, alter timeout "conn". Default is 30 minutes, but I suspect this might have a negative impact because no inactive connections would be closed, ever. If it however is recommended to alter, how to set it to "0" (off/unlimited)?
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Suggestion 2, enable a ssh class map which explicitly sets the timeout for the ssh connection. Is this recommended? How would I achieve unlimited time? And what about random-sequence-number disabled as seen below, is that really recommended?
class CLASS_MAP_SSH
set connection random-sequence-number disable
set connection timeout idle 48:00:00 reset
set connection decrement-ttl
Aug 29, 2012
We have recently put in a new 2901 router to be our IPSLA router and after adding 430 operations to it (215 ICMP and 215 UDP jitter) to cover off our state wide sites, it's reporting over half of them as timing out. Over the day, the timed out operations change so that our monitoring system shows the operations as down most of the time and up or warning state the rest of the time.
Some of the remote routers are reporting "SLA_FORMAT_FAIL" errors but I cannot find any references to this error. A ping from the router to the remote site router returns a ping time of 50ms or less and the network links are not congested so QoS shouldn't be getting in the way. Our QoS policies would mark and prioritise the UDP jitter test traffic and the ICMP would be in the default class.
The 2901 is running 15.2(4)M1 and has 512MB RAM and 256MB flash. It's single homed into our core network switch. I've heard stories of 2900 series routers hosting 1000's of operations so I don't think we're taxing the router. CPU is sitting around 5% and memory is around 20%.
Below bits are for one set of operations.
*******************************************************************************************
End node we're targeting (2951 running 15.2(3)T):
DC204RT04#ping 172.16.37.192
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.37.192, timeout is 2 seconds:
[code]....