cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
2
Replies

Limit certain subnets access to VIP

thekmannola
Level 1
Level 1

I have a need to limit access to a certain VIP to a couple of subnets.  I am assuming I would have to create multiple class maps and nest them.  But I cant seem to find the right configs to get it working.

Can someone send me a link or a simple config that would allow me to do this.

BTW, I have seen a couple configs on cisco.com recommending a way.  Its just that my ACE module does seem to support that configuration.  (Or maybe I am confused ...  :-])

I am running A2 (1.0)

Thanks in advanced for your help,

Kham

=============== show ver output=================

ACE/Admin# sh ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
  loader:    Version 12.2[120]
  system:    Version A2(1.0) [build 3.0(0)A2(1.0) adbuild_16:29:03-2008/03/04_/a
uto/adbu-rel3/rel_a2_1_throttle/A2_1/REL_3_0_0_A2_1_0]
  system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1.bin
  installed license: no feature license is installed

Hardware
  Cisco ACE (slot: 6)
  cpu info:
    number of cpu(s): 2
    cpu type: SiByte
    cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
    cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
  memory info:
    total: 956184 kB, free: 254152 kB
    shared: 0 kB, buffers: 4700 kB, cached 0 kB
  cf info:
    filesystem: /dev/cf
    total: 1000512 kB, used: 390304 kB, available: 610208 kB

last boot reason:  Unknown
configuration register:  0x1
======================================================================================
1 Accepted Solution

Accepted Solutions

UHansen1976
Level 1
Level 1

You could always try limiting traffic to your VIP using an access-list on your ingress interface.

BTW, have you considered upgrading? A2(1.0) is quite old, I would recommend going for an A2(2.x) release.

View solution in original post

2 Replies 2

UHansen1976
Level 1
Level 1

You could always try limiting traffic to your VIP using an access-list on your ingress interface.

BTW, have you considered upgrading? A2(1.0) is quite old, I would recommend going for an A2(2.x) release.

That would work....  I did not think about it from that perspective.  I was looking at the class map and policy map perspective..

Thank you for your help.  Also we are looking into upgrading, just waiting for the change window.

Thank you again,

Kham

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: