I am working on importing Virtual IP's (VIPs) from Cisco ACE 4710 Ver.A3(2.3) to the Cisco ACE Web App Manager Ver.6.3. In the first phase virtual connection between ACE appliances and WAF Manager is defined and the corresponding ACE Appliance IPs are getting listed under the "Destination Servers" option, But unable to import the VIPs and I get the following error after clicking the Import VIP link.
ERROR: Load balancer https://188.8.131.52:10443 virtual server parse failed Exception parsing for LoadBalancerContext
184.108.40.206 has no VIPs, or all of its VIPs are already represented by HTTP server definitions in this policy.
While reading through the document I have identified a note on which I still do not have clear understanding and I would like to mention here assuming if it could be the problem.
Note:The ACE Web Application Firewall does not support import of any VIP that matches a range of IP addresses in the ACE Application Switch policy.
Another point is that the VIPs on ACE and the IPs of ACE Web App Gateways are in the same range.
If this is the main cause of failure of importing VIPs then how it can be resolved or is there something else, If anyone can project some light or share ideas and experiences what could be the reason will be a great help.
Thanks in advance awaiting kind response.
You are hitting a bug on the ACE 4710. The problem is that when the WAF asks the ACE for the class-maps (VIPs), the XML is incorrectly formatted, and therefore the WAF can not properly process the response.
The bug ID for this is CSCsz52234 and it is fixed in the latest release of software for the ACE 4710. It is A3(2.5) and you can download it today from cisco.com.