ACE 4710 drops connections except for mine

JeramyKoval
Level 1

I created a VIP on our ACE 4710 and assigned it a URL in DNS. On my machine I can access the newly created website with no problems.

I sent the URL out to 6 other people so that they could test and none of them can access the site. They can access the site using a local host file entry directly to the server bypassing the ACE. When I look at the statistics I can see the ACE is dropping their connections but I can't figure out why. I am using an ACL (permit any/any) and NAT. I can see the NAT showing up in my IIS logs on the backend server.

Any thoughts?

2 Replies

litrenta
Level 3

When you do it, are you Layer 2 adjacent to the ACE? If so, then maybe you do not have a default route configured.

Seeing config would be good.

Sorry for not posting this before. Here is the configuration.

resource-class RC_Web
  limit-resource all minimum 10.00 maximum unlimited

hostname ACE4710

interface gigabitEthernet 1/1
  description Trunk Port VLAN 330 and 332
  speed 100M
  duplex FULL
  switchport trunk native vlan 330
  switchport trunk allowed vlan 330,332
  no shutdown
interface gigabitEthernet 1/2
  shutdown
interface gigabitEthernet 1/3
  shutdown
interface gigabitEthernet 1/4
  shutdown

context Admin
  member RC_Web

access-list ALLOW_ALL line 8 extended permit ip any any

probe tcp 1
  ip address 10.25.144.72
  connection term forced
probe icmp PROBE_SERVICE_ICMP
  interval 5
  passdetect interval 5

parameter-map type http cisco_avs_parametermap
  case-insensitive
  persistence-rebalance

rserver host WINSPTNSPRD02
  ip address 10.25.144.72
  conn-limit max 4000000 min 4000000
  inservice

action-list type optimization http cisco_avs_container_latency
  flashforward
action-list type optimization http cisco_avs_img_latency
  flashforward-object
action-list type optimization http cisco_avs_obj_latency
  flashforward-object
action-list type optimization http cisco_avs_bandwidth_and_latency
  delta
  flashforward

serverfarm host SharePoint_Test
  rserver WINSPTNSPRD02 80
    conn-limit max 4000000 min 4000000
    inservice

class-map match-any ACETest1.WXYZ.com
  2 match virtual-address 10.24.30.172 tcp eq www
class-map type http loadbalance match-all cisco_avs_container_latency
  2 match http url .*
class-map type management match-any remote_access
  201 match protocol xml-https any
  202 match protocol icmp any
  203 match protocol telnet any
  204 match protocol ssh any
  205 match protocol http any
  206 match protocol https any
  207 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

policy-map type loadbalance first-match ACETest1.WXYZ.com-l7slb
  class class-default
    serverfarm SharePoint_Test
    insert-http ACEHEADER header-value "%is"

policy-map multi-match global
  class class-default
    appl-parameter http advanced-options cisco_avs_parametermap
policy-map multi-match int330
  class ACETest1.WXYZ.com
    loadbalance vip inservice
    loadbalance policy ACETest1.WXYZ.com-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 330
    appl-parameter http advanced-options cisco_avs_parametermap
  class class-default
    appl-parameter http advanced-options cisco_avs_parametermap
policy-map multi-match int332
  class class-default
    appl-parameter http advanced-options cisco_avs_parametermap

service-policy input global

interface vlan 330
  ip address 10.24.30.14 255.255.254.0
  ip options allow
  access-group input ALLOW_ALL
  nat-pool 1 10.24.30.108 10.24.30.108 netmask 255.255.254.0
  service-policy input remote_mgmt_allow_policy
  service-policy input int330
  no shutdown
interface vlan 332
  ip address 10.24.32.7 255.255.254.0
  nat-pool 1 10.24.32.10 10.24.32.10 netmask 255.255.255.255
  service-policy input remote_mgmt_allow_policy
  service-policy input int332
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.24.30.1

snmp-server contact "NetSec/WebServices"
snmp-server location "FT CR cab 412"
snmp-server community ob.2se group Network-Monitor
snmp-server community oper.8 group Network-Monitor
snmp-server host 10.24.0.28 traps version 1 oper.8
snmp-server host 10.25.209.44 traps version 1 oper.8
snmp-server host 10.25.209.46 traps version 1 oper.8
snmp-server host 128.147.44.61 traps version 1 oper.8
snmp-server trap-source vlan 330
snmp-server enable traps snmp authentication

username admin password xxx
username www password xxx
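
The check litrenta suggests in the first reply (is the client Layer 2 adjacent to the ACE, and if not, is there a route back to it), as an added example that is not part of the original thread. It reads the VLAN interface addresses and static route from the configuration posted above; `parse_routing` and `return_path` are hypothetical helper names, and the client addresses used with them are constructed.

```python
import ipaddress
import re

# Excerpt of the configuration posted above: VLAN interfaces and the static route.
ACE_CONFIG = """\
interface vlan 330
  ip address 10.24.30.14 255.255.254.0
interface vlan 332
  ip address 10.24.32.7 255.255.254.0
ip route 0.0.0.0 0.0.0.0 10.24.30.1
"""

def parse_routing(config):
    """Return ({vlan: connected network}, [(destination network, next hop)])."""
    connected, routes, vlan = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            vlan = None  # an unindented line ends the previous interface block
        if m := re.fullmatch(r"interface vlan (\d+)", line):
            vlan = int(m.group(1))
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and vlan is not None:
            # Address plus dotted netmask gives the directly connected subnet.
            connected[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"),
                           ipaddress.ip_address(m.group(3))))
    return connected, routes

def return_path(client, connected, routes):
    """Describe how the ACE reaches a client address for return traffic."""
    addr = ipaddress.ip_address(client)
    for vlan, net in connected.items():
        if addr in net:
            return f"connected vlan {vlan}"  # Layer 2 adjacent, no route needed
    # Not adjacent: longest-prefix match over the static routes.
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return "no route"
    _, hop = max(matches, key=lambda r: r[0].prefixlen)
    return f"via {hop}"

if __name__ == "__main__":
    connected, routes = parse_routing(ACE_CONFIG)
    for client in ("10.24.31.200", "192.0.2.50"):  # constructed client addresses
        print(client, "->", return_path(client, connected, routes))
```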