Creating user in Context

Jan 19th, 2010

Hi,


I wonder if anyone could help me. I have an ACE appliance running. I have created a new Context and have done all the configuration, i.e. interfaces, loadbalancing, domain, users etc. The only problem, and a very basic one, is that I am unable to log in to the Context directly. I can access the Context with its management IP but when I try to log in I get an "Invalid User Name/Password." message.


I can only log in to the Admin context. Is there anything I am missing?


Rgds,

Eric Rose Tue, 01/19/2010 - 06:11
User Badges:
  • Cisco Employee,

Hi,


Did you create a policy for remote access to that context and add it to the interface?


Typically there is a remote_mgnt service policy - this is used to access the management entity on a specific interface.


Thanks

Eric

Muhammad Khan Tue, 01/19/2010 - 06:56

Hi Eric,


Thank you for your reply.


Yes, all the policies are in place. I can browse to the web Console and Telnet but am unable to log in. Here is the Context config (it is a one-armed design with client/server and ACE on the same VLAN). None of the users defined in here can log in.


access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any


probe http Probe_HTTP
  interval 5
  passdetect interval 60
  expect status 200 200
  open 10


rserver host Server1
  ip address 192.168.0.2
  conn-limit max 4000000 min 4000000
  inservice

rserver host Server2
  ip address 192.168.0.23
  conn-limit max 4000000 min 4000000
  inservice


serverfarm host Farm1
  probe Probe_HTTP
  rserver Server1 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver Server2 80
    conn-limit max 4000000 min 4000000
    inservice


sticky http-cookie XYZ_Cookie XYZ_Cookie
  serverfarm Farm1


class-map type management match-any Management
  201 match protocol http any
  202 match protocol https any
  203 match protocol icmp any
  204 match protocol kalap-udp any
  205 match protocol ssh any
  206 match protocol telnet any
  207 match protocol xml-https any


class-map match-all XYZ_VS
  2 match virtual-address 192.168.0.9 tcp eq www


policy-map type management first-match Management
  class Management
    permit


policy-map type loadbalance first-match XYZ_VS-l7slb
  class class-default
    serverfarm Farm1


policy-map multi-match int3
  class XYZ_VS
    loadbalance vip inservice
    loadbalance policy XYZ_VS-l7slb
    nat dynamic 5 vlan 2


interface vlan 2
  description Server VLAN
  ip address 192.168.0.6 255.255.255.0
  alias 192.168.0.8 255.255.255.0
  peer ip address 192.168.0.7 255.255.255.0
  access-group input ALL
  nat-pool 5 192.168.0.9 192.168.0.9 netmask 255.255.255.0 pat
  service-policy input int3
  service-policy input Management
  no shutdown


domain XYZ_Domain
  add-object all


ip route 0.0.0.0 0.0.0.0 192.168.0.20

username XYZadmin password 5 *********** role Admin domain default-domain
username XYZusr password 5 ********* role Network-Monitor domain XYZ_Domain


snmp-server contact "ANM"
snmp-server location "ANM"


Thank you.

Muhammad Khan Tue, 01/19/2010 - 08:39
Errr... I managed to resolve it


username XYZadmin password 5 *********** role Admin domain default-domain
username XYZusr password 5 ********* role Network-Monitor domain XYZ_Domain


Should have been


username XYZadmin password 0 *********** role Admin domain default-domain
username XYZusr password 0 ********* role Network-Monitor domain XYZ_Domain


I was specifying an encrypted password instead of clear text.
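
The type/value mismatch resolved in the post above can be caught before a config is applied. As an added example (not part of the original thread and not Cisco code), this Python check flags `username` lines whose password type keyword disagrees with the value that follows it. It assumes type-5 values are MD5-crypt strings of the form `$1$salt$hash` and that an omitted type means clear text; the sample lines, including the users XYZops and XYZtmp, are constructed.

```python
import re

# Assumption: a type-5 value is an MD5-crypt string, "$1$<salt>$<22-char hash>".
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
USERNAME = re.compile(
    r"^\s*username\s+(?P<user>\S+)\s+password\s+(?:(?P<type>[05])\s+)?(?P<value>\S+)"
)

def audit_usernames(config_text):
    """Return (line_no, user, problem) for lines whose type and value disagree."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = USERNAME.match(line)
        if not m:
            continue  # not a username line
        ptype = m.group("type") or "0"  # assumption: no keyword means clear text
        looks_hashed = bool(MD5_CRYPT.match(m.group("value")))
        if ptype == "5" and not looks_hashed:
            # The case from the thread: clear text entered with the type-5 keyword.
            findings.append((line_no, m.group("user"),
                             "type 5 given but value is not an MD5-crypt hash"))
        elif ptype == "0" and looks_hashed:
            # Inverse mistake: a hash pasted in as if it were clear text.
            findings.append((line_no, m.group("user"),
                             "type 0 given but value looks like an MD5-crypt hash"))
    return findings

# Constructed sample; the hash-shaped string is made up, not a real digest.
SAMPLE = """\
username XYZadmin password 5 Clear-Text-Pw1 role Admin domain default-domain
username XYZusr password 0 Clear-Text-Pw2 role Network-Monitor domain XYZ_Domain
username XYZops password 5 $1$Ab3dEf9h$0123456789abcdefghijkl role Admin domain default-domain
username XYZtmp password 0 $1$Ab3dEf9h$0123456789abcdefghijkl role Network-Monitor domain XYZ_Domain
"""

if __name__ == "__main__":
    for line_no, user, problem in audit_usernames(SAMPLE):
        print(f"line {line_no}: {user}: {problem}")
```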

Eric Rose Tue, 01/19/2010 - 17:06
User Badges:
  • Cisco Employee,

That is great to hear.


Thanks

Eric
