I have a need to limit access to a certain VIP to a couple of subnets. I am assuming I would have to create multiple class maps and nest them. But I cant seem to find the right configs to get it working.
Can someone send me a link or a simple config that would allow me to do this.
BTW, I have seen a couple configs on cisco.com recommending a way. Its just that my ACE module does seem to support that configuration. (Or maybe I am confused ... :-])
I am running A2 (1.0)
Thanks in advanced for your help,
=============== show ver output=================
ACE/Admin# sh ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
loader: Version 12.2
system: Version A2(1.0) [build 3.0(0)A2(1.0) adbuild_16:29:03-2008/03/04_/a
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1.bin
installed license: no feature license is installed
Cisco ACE (slot: 6)
number of cpu(s): 2
cpu type: SiByte
cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
total: 956184 kB, free: 254152 kB
shared: 0 kB, buffers: 4700 kB, cached 0 kB
total: 1000512 kB, used: 390304 kB, available: 610208 kB
last boot reason: Unknown
configuration register: 0x1
You could always try limiting traffic to your VIP using an access-list on your ingress interface.
BTW, have you considered upgrading? A2(1.0) is quite old, I would recommend going for an A2(2.x) release.