08-14-2012 02:55 PM
Hello all,
I have an interesting issue. I have an ACE30 set up in ASN mode (see http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/slbgd.html)
I do see the connection to the server establish, but the server admin informs me that they are performing URL filtering and that my packets do not contain a URL! I am not sure what exactly I should do about this.
Config on ACE context:
access-list INBOUND line 10 extended permit ip any any
probe https TMG-Exchange
ssl version all
rserver host real1
ip address 10.50.102.77
inservice
rserver host real2
ip address 10.50.102.78
inservice
serverfarm host FARM_VIP_10.50.103.239
transparent
rserver real1
inservice
rserver real2
inservice
class-map match-all VIP_CLASS
2 match virtual-address 10.50.103.239 any
class-map type management match-any mgmt-cm
2 match protocol icmp any
3 match protocol ssh source-address 10.48.0.0 255.240.0.0
policy-map type management first-match mgmt-pm
class mgmt-cm
permit
policy-map type loadbalance first-match lbpol
class class-default
serverfarm FARM_VIP_10.50.103.239
policy-map multi-match LBPOL
class VIP_CLASS
loadbalance vip inservice
loadbalance policy lbpol
loadbalance vip icmp-reply active
loadbalance vip advertise active
interface vlan 102
description ONE ARM VLAN
ip address 10.50.102.96 255.255.255.0
no normalization
access-group input INBOUND
service-policy input LBPOL
service-policy input mgmt-pm
no shutdown
ip route 0.0.0.0 0.0.0.0 10.50.102.251
Any ideas?
08-14-2012 04:45 PM
Hello Mikael,
Could you explain yourself better? Do you mean you need to match a specific URL or what exactly?
Jorge
08-14-2012 04:56 PM
I do not need to match a specific URL. The application on the server does however. The server admin reports that connection is being refused as there is no URL included to match.
When setting this up as a one-arm config with source NAT everything works fine. Unfortunately, it is a requirement of the application that the client IP remain intact.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide