Problem of importing VIPs from Cisco ACE 4710 to the ACE Web App Manager

Answered Question
Feb 16th, 2010
User Badges:

Hello,


I am working on importing Virtual IP's (VIPs) from Cisco ACE 4710 Ver.A3(2.3) to the Cisco ACE Web App Manager Ver.6.3. In the first phase virtual connection between ACE appliances and WAF Manager is defined and the corresponding ACE Appliance IPs are getting listed under the "Destination Servers" option, But unable to import the VIPs and I get the following error after clicking the Import VIP link.


ERROR: Load balancer https://1.1.1.1:10443 virtual server parse failed Exception parsing for LoadBalancerContext
1.1.1.1 has no VIPs, or all of its VIPs are already represented by HTTP server definitions in this policy.


While reading through the document I have identified a note on which I still do not have clear understanding and I would like to mention here assuming if it could be the problem.


Note:The ACE Web Application Firewall does not support import of any VIP that matches a range of IP addresses in the ACE Application Switch policy.


Another point is that the VIPs on ACE and the IPs of ACE Web App Gateways are in the same range.


If this is the main cause of failure of importing VIPs then how it can be resolved or is there something else, If anyone can project some light or share ideas and experiences what could be the reason will be a great help.


Thanks in advance awaiting kind response.


Best Regards,

Correct Answer by Sean Merrow about 7 years 4 months ago

Hello itlogical,


You are hitting a bug on the ACE 4710.  The problem is that when the WAF asks the ACE for the class-maps (VIPs), the XML is incorrectly formatted, and therefore the WAF can not properly process the response.


The bug ID for this is CSCsz52234 and it is fixed in the latest release of software for the ACE 4710.  It is A3(2.5) and you can download it today from cisco.com.


Regards,

Sean

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Sean Merrow Wed, 02/17/2010 - 10:52
User Badges:
  • Silver, 250 points or more

Hello itlogical,


You are hitting a bug on the ACE 4710.  The problem is that when the WAF asks the ACE for the class-maps (VIPs), the XML is incorrectly formatted, and therefore the WAF can not properly process the response.


The bug ID for this is CSCsz52234 and it is fixed in the latest release of software for the ACE 4710.  It is A3(2.5) and you can download it today from cisco.com.


Regards,

Sean

itlogical Wed, 02/17/2010 - 23:09
User Badges:

Dear Sean,


Thanks for indicating this bug. For sure my next plan is to upgrade the ACE 4710 and I will let you know the outcome.


Lots of thanks once again.. will get back to you soon after applying upgrade.


Best Regards,

Actions

This Discussion