Limit certain subnets access to VIP

Answered Question
May 8th, 2010

I have a need to limit access to a certain VIP to a couple of subnets. I am assuming I would have to create multiple class maps and nest them. But I can't seem to find the right configs to get it working.

Can someone send me a link or a simple config that would allow me to do this?

BTW, I have seen a couple of configs on cisco.com recommending a way. It's just that my ACE module does seem to support that configuration. (Or maybe I am confused ... :-])

I am running A2 (1.0)

Thanks in advance for your help,

Kham

=============== show ver output=================

ACE/Admin# sh ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
  loader:    Version 12.2[120]
  system:    Version A2(1.0) [build 3.0(0)A2(1.0) adbuild_16:29:03-2008/03/04_/a
uto/adbu-rel3/rel_a2_1_throttle/A2_1/REL_3_0_0_A2_1_0]
  system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1.bin
  installed license: no feature license is installed

Hardware
  Cisco ACE (slot: 6)
  cpu info:
    number of cpu(s): 2
    cpu type: SiByte
    cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
    cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
  memory info:
    total: 956184 kB, free: 254152 kB
    shared: 0 kB, buffers: 4700 kB, cached 0 kB
  cf info:
    filesystem: /dev/cf
    total: 1000512 kB, used: 390304 kB, available: 610208 kB

last boot reason:  Unknown
configuration register:  0x1
======================================================================================
Correct Answer
UHansen1976 Sun, 05/09/2010 - 06:41

You could always try limiting traffic to your VIP using an access-list on your ingress interface.

BTW, have you considered upgrading? A2(1.0) is quite old; I would recommend going for an A2(2.x) release.
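
The approach suggested in the answer above, sketched as an ACE interface ACL. This is an added example, not configuration posted by anyone in the thread; the VIP address (192.0.2.10), the two client subnets, the port, VLAN 100 and the ACL name are assumed placeholders, and the lines starting with `!` are annotations for the reader.

```text
! Added example; addresses, VLAN number and ACL name are assumed placeholders.
!   192.0.2.10                     the VIP to protect
!   10.10.1.0/24, 10.10.2.0/24     the only client subnets allowed to reach it
!   vlan 100                       the client-side (ingress) interface
!
! Allow the two subnets to reach the VIP on its service port.
access-list VIP-CLIENTS line 10 extended permit tcp 10.10.1.0 255.255.255.0 host 192.0.2.10 eq www
access-list VIP-CLIENTS line 20 extended permit tcp 10.10.2.0 255.255.255.0 host 192.0.2.10 eq www
!
! Refuse every other source for this VIP only.
access-list VIP-CLIENTS line 30 extended deny ip any host 192.0.2.10
!
! Keep other VIPs behind the same interface reachable. Without this entry the
! implicit deny at the end of the ACL would block them as well.
access-list VIP-CLIENTS line 40 extended permit ip any any

interface vlan 100
  access-group input VIP-CLIENTS
```

Entry order matters: the permits for the allowed subnets must come before the deny for the VIP, and the deny before the final permit. If the ingress interface already has an input ACL applied, add the entries to that ACL instead of attaching a second one.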

thekmannola Sun, 05/09/2010 - 10:37

That would work... I did not think about it from that perspective. I was looking at the class map and policy map perspective.

Thank you for your help.  Also we are looking into upgrading, just waiting for the change window.

Thank you again,

Kham
