Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

ACE ftp inspection for a VIP giving other services.

Hello community,

I am very new to ACE domain and would like to be adviced.

ACE module since version A2(1.x) has stricter error checks for application protocol  inspection. Generic class-map matching is no longer accepted.

(http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/release/note/racea2_x.html#wp365052)

With this being said, we were wondering in the case of a VIP giving services to other ports (not only ftp with inspection) if there was some recommendations or best practice about the corresponding configuration :

- Only one VIP configured (one 'match virtual address' with an extended port range + inspect ftp)

or

- Two VIPs : One with ' match virtual-address x.x.x.x tcp eq 21' + 'inspect ftp' / And One with a more generic port range ?

or any other approach ?

Any suggestion would be appreciated.

Thanks.

Karim

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: ACE ftp inspection for a VIP giving other services.

Hi Karim,

I'd recommend a per-service based configuration approach.

This way, you can configure service-specific features (e.g parameter maps, application inspections) for each service, even if you have several services configured for the same VIP. I find this gives much greater flexibility.

hth

/Ulrich

2 REPLIES
Bronze

Re: ACE ftp inspection for a VIP giving other services.

Hi Karim,

I'd recommend a per-service based configuration approach.

This way, you can configure service-specific features (e.g parameter maps, application inspections) for each service, even if you have several services configured for the same VIP. I find this gives much greater flexibility.

hth

/Ulrich

Silver

Re: ACE ftp inspection for a VIP giving other services.

Hello Ulrich,

Thank you for your recommendations. I appreciate.

Regards.

Karim

364
Views
0
Helpful
2
Replies