Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
970
Views
0
Helpful
4
Replies

ACE probe question

jteixido
Level 1
Level 1

‎05-13-2009 10:33 AM

Team,

Is the ACE module able to probe a specific context for a webpage? What would I need to configure on the probe to search for the following context?

GET https://wil-02.testtnet.com/index.jsp

Look for “windows-password-username”

The server admins are telling me that when one server is frozen it's not being taken out of the rotation. The current probe is configured as follows:

probe https https-probe-wilsonvdi

interval 10

passdetect interval 3

request method get url https://wilsonvdi

expect status 200 200

John...

Labels:
0 Helpful
4 Replies 4

sachinga.hcl
Level 4
Level 4

‎05-13-2009 11:33 AM

Hi John,

An HTTPS probe is similar to an HTTP probe except that it uses SSL to generate encrypted data. HTTPS probes are hardware assisted, which causes the ACE to send them from the data plane instead of the control plane. This feature causes the ACE to use the routing table (which may bypass the real server IP address) to direct HTTPS probes to their destination regardless of whether you specify the routed option or not in the ip address command.

Also, ACLs may impact HTTPS probes if you apply them incorrectly.

The server response must include the Content-Length header for the expect regex or hash command to function. Otherwise, the probe does not attempt to parse the regex or hash value.

The version in the ClientHello message sent to the server indicates the highest supported version. By default, the probe supports all as the SSL version. You can configure the version of SSL that the probe supports by using the ssl version command in probe HTTPS configuration mode. The syntax of this command is as follows:

ssl version all | SSLv3 | TLSv1

The keywords are as follows:

•all-(Default) Specifies all SSL versions.

•SSLv3-Specifies SSL version 3.

•TLSv1-Specifies TLS version 1.

By default, the HTTPS probe accepts any of the RSA configured cipher suites. You can configure the probe to expect a specific type of RSA cipher suite from the back-end server by using the ssl cipher command.

Kindly sent the out of the 'show probe detail'

So that I can see what is the expec status is returned.

Please reply back to troubleshoot this for you.

Kind Regards,

Sachin Garg

0 Helpful

jteixido
Level 1
Level 1
In response to sachinga.hcl

‎05-13-2009 12:40 PM

probe : https-probe-wilsonvdi

type : HTTPS

state : ACTIVE

description :

----------------------------------------------

port : 443 address : 0.0.0.0 addr type : -

interval : 10 pass intvl : 3 pass count : 3

fail count: 3 recv timeout: 10

http method : GET

http url : https://wilsonvdi

conn termination : GRACEFUL

expect offset : 0 , open timeout : 10

expect regex : -

send data : -

0 Helpful

sachinga.hcl
Level 4
Level 4
In response to jteixido

‎05-14-2009 02:38 PM

Hi John,

Can you try to add connection term forced in your probe config as By default, the ACE terminates a TCP connection gracefully by sending a FIN to the server. To configure the ACE to terminate a TCP connection by sending a RST, use the connection term command.This command applies only to TCP-based probes.

Also add the https://wil-02.testtnet.com/index.jsp to your request method not https://wilsonvdi

So your probe look like this after addition and chages ,as follows:

probe https https-probe-wilsonvdi

interval 10

passdetect interval 3

request method get url https://wil-02.testtnet.com/index.jsp

expect status 200 200

connection term forced

Add the correct url(for probe testing page) for get method. Because DNS will not resolve it.

Kindly go throught this url for a lot more:

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_ACE_Health_Monitoring

http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Health_Monitoring_Using_Health_Probes

Kindly add your inputs on this.

If it works then please rate.

Kind Regards,

Sachin Garg

0 Helpful

sachinga.hcl
Level 4
Level 4
In response to sachinga.hcl

‎05-14-2009 02:59 PM

Kindly add http:// to the websites mentioned below

docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_ACE_Health_Monitoring

docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide%2C_Release_A3%281.0%29_--_Configuring_Health_Monitoring_Using_Health_Probes

and then paste there to the IExplorer.

Tell me if it works then.

Sachin Garg

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents