12-01-2008 12:46 PM
I created a VIP on our ACE 4710 and assigned it a URL in DNS. On my machine I can access the newly created website with no problems.
I sent the URL out to 6 other people so that they could test and none of them can access the site. They can access the site using a local host file entry directly to the server bypassing the ACE. When I look at the statistics I can see the ACE is dropping their connections but I can't figure out why. I am using an ACL (permit any/any) and NAT. I can see the NAT showing up in my IIS logs on the backend server.
Any thoughts?
12-01-2008 01:23 PM
when you do it are you layer 2 adjacent to the ace ? if so then maybe you do not have a default route configured.
Seeing config would be good.
12-02-2008 05:35 AM
Sorry for not posting this before. Here is the configuration.
resource-class RC_Web
limit-resource all minimum 10.00 maximum unlimited
hostname ACE4710
interface gigabitEthernet 1/1
description Trunk Port VLAN 330 and 332
speed 100M
duplex FULL
switchport trunk native vlan 330
switchport trunk allowed vlan 330,332
no shutdown
interface gigabitEthernet 1/2
shutdown
interface gigabitEthernet 1/3
shutdown
interface gigabitEthernet 1/4
shutdown
context Admin
member RC_Web
access-list ALLOW_ALL line 8 extended permit ip any any
probe tcp 1
ip address 10.25.144.72
connection term forced
probe icmp PROBE_SERVICE_ICMP
interval 5
passdetect interval 5
parameter-map type http cisco_avs_parametermap
case-insensitive
persistence-rebalance
rserver host WINSPTNSPRD02
ip address 10.25.144.72
conn-limit max 4000000 min 4000000
inservice
action-list type optimization http cisco_avs_container_latency
flashforward
action-list type optimization http cisco_avs_img_latency
flashforward-object
action-list type optimization http cisco_avs_obj_latency
flashforward-object
action-list type optimization http cisco_avs_bandwidth_and_latency
delta
flashforward
serverfarm host SharePoint_Test
rserver WINSPTNSPRD02 80
conn-limit max 4000000 min 4000000
inservice
class-map match-any ACETest1.WXYZ.com
2 match virtual-address 10.24.30.172 tcp eq www
class-map type http loadbalance match-all cisco_avs_container_latency
2 match http url .*
class-map type management match-any remote_access
201 match protocol xml-https any
202 match protocol icmp any
203 match protocol telnet any
204 match protocol ssh any
205 match protocol http any
206 match protocol https any
207 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match ACETest1.WXYZ.com-l7slb
class class-default
serverfarm SharePoint_Test
insert-http ACEHEADER header-value "%is"
policy-map multi-match global
class class-default
appl-parameter http advanced-options cisco_avs_parametermap
policy-map multi-match int330
class ACETest1.WXYZ.com
loadbalance vip inservice
loadbalance policy ACETest1.WXYZ.com-l7slb
loadbalance vip icmp-reply active
nat dynamic 1 vlan 330
appl-parameter http advanced-options cisco_avs_parametermap
class class-default
appl-parameter http advanced-options cisco_avs_parametermap
policy-map multi-match int332
class class-default
appl-parameter http advanced-options cisco_avs_parametermap
service-policy input global
interface vlan 330
ip address 10.24.30.14 255.255.254.0
ip options allow
access-group input ALLOW_ALL
nat-pool 1 10.24.30.108 10.24.30.108 netmask 255.255.254.0
service-policy input remote_mgmt_allow_policy
service-policy input int330
no shutdown
interface vlan 332
ip address 10.24.32.7 255.255.254.0
nat-pool 1 10.24.32.10 10.24.32.10 netmask 255.255.255.255
service-policy input remote_mgmt_allow_policy
service-policy input int332
no shutdown
ip route 0.0.0.0 0.0.0.0 10.24.30.1
snmp-server contact "NetSec/WebServices"
snmp-server location "FT CR cab 412"
snmp-server community ob.2se group Network-Monitor
snmp-server community oper.8 group Network-Monitor
snmp-server host 10.24.0.28 traps version 1 oper.8
snmp-server host 10.25.209.44 traps version 1 oper.8
snmp-server host 10.25.209.46 traps version 1 oper.8
snmp-server host 128.147.44.61 traps version 1 oper.8
snmp-server trap-source vlan 330
snmp-server enable traps snmp authentication
username admin password xxx
username www password xxx
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide