Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE module in ASN set up not passing URL

Hello all,

I have an interesting issue. I have an ACE30 set up in ASN mode (see

I do see the connection to the server establish, but the server admin informs me that they are performing URL filtering and that my packets do not contain a URL! I am not sure what exactly I should do about this.

Config on ACE context:

access-list INBOUND line 10 extended permit ip any any

probe https TMG-Exchange

  ssl version all

rserver host real1

  ip address


rserver host real2

  ip address


serverfarm host FARM_VIP_10.50.103.239


  rserver real1


  rserver real2


class-map match-all VIP_CLASS

  2 match virtual-address any

class-map type management match-any mgmt-cm

  2 match protocol icmp any

  3 match protocol ssh source-address

policy-map type management first-match mgmt-pm

  class mgmt-cm


policy-map type loadbalance first-match lbpol

  class class-default

    serverfarm FARM_VIP_10.50.103.239

policy-map multi-match LBPOL

  class VIP_CLASS

    loadbalance vip inservice

    loadbalance policy lbpol

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

interface vlan 102

  description ONE ARM VLAN

  ip address

  no normalization

  access-group input INBOUND

  service-policy input LBPOL

  service-policy input mgmt-pm

  no shutdown

ip route

Any ideas?

Everyone's tags (6)

ACE module in ASN set up not passing URL

Hello Mikael,

Could you explain yourself better? Do you mean you need to match a specific URL or what exactly?


New Member

ACE module in ASN set up not passing URL

I do not need to match a specific URL. The application on the server does however. The server admin reports that connection is being refused as there is no URL included to match.

When setting this up as a one-arm config with source NAT everything works fine. Unfortunately, it is a requirement of the application that the client IP remain intact.