ACE Redirection

Answered Question
May 10th, 2010

I have ACE 4710 and I want to use this to redirect port 80 traffic to my proxy server. But I am not able to do that. MY ACE is in routed mode. Below is my ACE configuration when I am applying the policy on the interface I am not able to browse the Internet.

I am connected to the Interface VLAN 300. Below is the configuration for ACE.

class-map type management match-any CM_ALL

2 match protocol snmp any

3 match protocol http any

4 match protocol https any

5 match protocol icmp any

6 match protocol telnet any

class-map match-any CM_BYPASS_FOR_LAN

3 match virtual-address 100.1.1.0 255.255.255.0 tcp eq www

8 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www

9 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www

10 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www

11 match virtual-address 172.20.0.0 255.255.0.0 tcp eq www

12 match virtual-address 172.23.15.0 255.255.255.0 tcp eq www

13 match virtual-address 172.23.16.0 255.255.255.0 tcp eq www

class-map match-any CM_BYPASS_SUBNET

9 match virtual-address 100.0.0.0 255.0.0.0 tcp eq www

15 match virtual-address 192.168.0.0 255.255.0.0 tcp eq www

16 match virtual-address 172.20.0.0 255.255.0.0 tcp eq www

17 match virtual-address 172.16.0.0 255.255.0.0 tcp eq www

18 match virtual-address 172.23.16.0 255.255.255.0 tcp eq www

19 match virtual-address 172.23.15.0 255.255.255.0 tcp eq www

20 match virtual-address 10.0.0.0 255.0.0.0 tcp eq www

class-map match-any CM_IM

2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5050

3 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 1080

4 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 5101

class-map match-all CM_SF_BCPR

255 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www

policy-map type management first-match PM_ALL

class CM_ALL

permit

policy-map type loadbalance http first-match PM_L7_BYPASS_FOR_LAN_HTTP

class class-default

forward

policy-map type loadbalance http first-match PM_L7_BYPASS_HTTP

class class-default

forward

policy-map type loadbalance http first-match PM_LB_SF_BCPROXY

class class-default

serverfarm SF_BCPR

policy-map multi-match PM_BYPASS_FOR_LAN_HTTP

class CM_BYPASS_FOR_LAN

loadbalance vip inservice

loadbalance policy PM_L7_BYPASS_FOR_LAN_HTTP

policy-map multi-match PM_BYPASS_HTTP

class CM_BYPASS_SUBNET

loadbalance vip inservice

loadbalance policy PM_L7_BYPASS_HTTP

policy-map multi-match PM_MAIN_BCPROXY

class CM_SF_BCPR

loadbalance vip inservice

loadbalance policy PM_LB_SF_BCPROXY

loadbalance vip icmp-reply active

appl-parameter http advanced-options PARAMAP_CASE

service-policy input PM_ALL

interface vlan 100

description FW-INSIDE CONTEXT1

ip address 192.168.180.5 255.255.255.240

no icmp-guard

access-group input acl-out

no shutdown

interface vlan 300

description ACE-INSIDE CONTEXT RACK1

ip address 192.168.10.5 255.255.255.0

no normalization

no icmp-guard

access-group input acl-in

service-policy input PM_BYPASS_FOR_LAN_HTTP

service-policy input PM_BYPASS_HTTP

service-policy input PM_MAIN_BCPROXY

no shutdown

interface vlan 301

description BC-VLAN CONTEXT RACK1

ip address 192.168.180.97 255.255.255.240

access-group input acl-proxy

no shutdown

Please let me know where I am missing the configuration. I will be very thankful for the prompt help.

Attachment: 
I have this problem too.
0 votes
Correct Answer by UHansen1976 about 6 years 8 months ago

Hi,

You need to put your rserver inservice.

rserver host RS_BCPR01
  ip address 192.168.180.103

    inservice


As you can see, when you're displaying your rserver/serverfarm, it's current status is OUTOFSERVICE, which indicates, that the rserver has been manually suspended for service.

hth

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
UHansen1976 Mon, 05/10/2010 - 10:20

Hi,

You need to put your rserver inservice.

rserver host RS_BCPR01
  ip address 192.168.180.103

    inservice


As you can see, when you're displaying your rserver/serverfarm, it's current status is OUTOFSERVICE, which indicates, that the rserver has been manually suspended for service.

hth

Actions

This Discussion