×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Equivalent config on ACE from the CSS config

Unanswered Question
Apr 24th, 2009
User Badges:

Folks


What will be equivalent config from CSS to ACE for the following config:


ssl-server 72 cipher rsa-with-rc4-128-md5 12.12.12.12 81

ssl-server 72 vip address 12.167.24.187

ssl-server 72 rsakey turnleafkey

ssl-server 72 rsacert turnleafstar1

ssl-server 72 cipher rsa-with-rc4-128-md5 12.12.12.12 81



service 12.12.12.12-redirect

ip address 42.42.42.42

keepalive type none

type redirect

no prepend-http

domain "https://testing.com"

active



content 12.12.12.12-443

vip address 12.12.12.12

port 443

protocol tcp

add service ssl_module1

active

content 12.12.12.12-81

vip address 12.12.12.12

port 81

protocol tcp

balance leastconn

advanced-balance sticky-srcip

add service host1-81

add service host2-81

add service host3-81

active


content 12.12.12.12-redirect

vip address 12.12.12.12

add service 12.12.12.12-redirect

protocol tcp

port 80

url "/*"

active



Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Sun, 04/26/2009 - 23:02
User Badges:
  • Cisco Employee,

Here is the result given by the CSS to ACE conversion tool available on the ACE Appliance. C4710.


Configuration commands for Admin context:

-----------------------------------------


resource-class RC1

limit-resource sticky minimum 10 maximum unlimited



context Admin

member RC1



interface gigabitEthernet 1/1

channel-group 10

no shutdown

interface gigabitEthernet 1/2

channel-group 10

no shutdown

interface gigabitEthernet 1/3

channel-group 10

no shutdown

interface gigabitEthernet 1/4

channel-group 10

no shutdown

interface port-channel 10

no shutdown


#interface gigabitEthernet 1/1

# no shutdown




Configuration commands for Admin context:

-----------------------------------------


access-list PERMIT_ALL extended permit ip any any





rserver redirect 12.12.12.12-redirect

inservice

webhost-redirection "https://testing.com"



serverfarm host 12.12.12.12-443

rserver ssl_module1

inservice

serverfarm host 12.12.12.12-81

predictor leastconns

rserver host1-81

inservice

rserver host2-81

inservice

rserver host3-81

inservice

serverfarm redirect 12.12.12.12-redirect

probe 12.12.12.12-redirect_PROBE

rserver 12.12.12.12-redirect

inservice



sticky ip-netmask 255.255.255.255 address source 12.12.12.12-81_STICKY

serverfarm 12.12.12.12-81

replicate sticky



parameter-map type http CASE_PARAM

case-insensitive



class-map type management match-any TO-CP-POLICY

match protocol icmp any

match protocol telnet any

match protocol snmp any

match protocol ssh any





class-map type http loadbalance match-any 12.12.12.12-redirect_CLASSURL

match http url "[.]*"



class-map match-all 12.12.12.12-81_CLASS

match virtual-address 12.12.12.12 tcp eq 81



class-map match-all 12.12.12.12-redirect_CLASS

match virtual-address 12.12.12.12 tcp eq 80



class-map match-all 12.12.12.12-443_CLASS

match virtual-address 12.12.12.12 tcp eq 443





policy-map type loadbalance first-match 12.12.12.12-81_POLICY

class class-default

sticky-serverfarm 12.12.12.12-81_STICKY



policy-map type loadbalance first-match 12.12.12.12-redirect_POLICY

class 12.12.12.12-redirect_CLASSURL

serverfarm 12.12.12.12-redirect



policy-map type loadbalance first-match 12.12.12.12-443_POLICY

class class-default

serverfarm 12.12.12.12-443



policy-map type management first-match TO-CP-POLICY

class TO-CP-POLICY

permit



policy-map multi-match POLICY

class 12.12.12.12-81_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-81_POLICY

class 12.12.12.12-redirect_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-redirect_POLICY

class 12.12.12.12-443_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-443_POLICY



service-policy input TO-CP-POLICY

service-policy input POLICY



Gilles Dufour Sun, 04/26/2009 - 23:06
User Badges:
  • Cisco Employee,

The output above is missing the ssl-proxy and has an error in the SSL policy.

Here is the correction


ssl-proxy MyProxy

key ...

cert ...


policy-map multi-match POLICY

class 12.12.12.12-443_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-81_POLICY

ssl-proxy server MyProxy


Gilles.

cricketbuff Wed, 04/29/2009 - 17:42
User Badges:

How did u define probe 12.12.12.12-redirect_PROBE in the config u gave? what are the values of probe 12.12.12.12-redirect_PROBE




Gilles Dufour Thu, 04/30/2009 - 03:55
User Badges:
  • Cisco Employee,

Actually, we do not support probe for redirect rserver.

So, simply remove that probe..


G.

Actions

This Discussion