Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE rediction

Hi everybody

I'm new with ACE4710 maybe someone can help me with it.

I need create configuration where:

if ACE's got packets from IP 10.10.10.10 on port 8888 (OUTSIDE int) it has to redirected to 11.11.11.11 port 8888 (INSIDE int)

if ACE's got from any other IP  it also has to redirected to 11.11.11.11 port 8888 however if URL consist  next http://../restrected/* it has to be redirected https://../restrected/* at the same server(11.11.11.11).

Thank you very much in advance.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: ACE rediction

Hi Denis,

Thanks for clearing that up.

Attached is the configuration example, I tried to keep it as simple as possible, a couple of things to mention:


-Port 443 doesn't need to be configured on the redirect rserver as this is the default HTTPS port.

- I used XYZ serverfarm assuming the same servers are going to receive the same traffic for 8888 and 443, if this is not true let me know and I'll change the config accordingly.

HTH

__ __

Pablo

Cisco Employee

Re: ACE rediction

Hi Denis,

Sorry that was supposed tobe a match-any class-map type as "ABC" is I copied it wrong when preparing the configuration

Glad to be of help =)

Have a good one!

__ __

Pablo

7 REPLIES
Cisco Employee

Re: ACE rediction

Hi Denis,

I can give you a hand with this config but first, do you have a copy of the current config that you can paste in here?

Is 10.10.10.10 the source of the requests or the IP that you're planning to use as the VIP along with 11.11.11.11

i.e

10.10.10.10 = abc.com

11.11.11.11 = xyz.com

So if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the request comes as

http://abc.com:8888/restrected/* then they're going to be redirected to https://xyz.com:8888/restrected/*

Let me know if I missed/misunderstood something here

Thanks

__ __

Pablo

New Member

Re: ACE rediction

Thank you very much for your answer juporras

Current config is absolutely empty now :-)

I'm trying fingure out how i can do it

_________________________________________________________________________________________________

>10.10.10.10 = abc.com

>11.11.11.11 = xyz.com

>So if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the request comes as

>http://abc.com:8888/restrected/* then they're going to be redirected to https://xyz.com:8888/restrected/*

___________________________________________________________________________________________________

Yes, the idea as you have written but with a small correction

if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the source is any other adress and URL consist /restrected/* then they're going to be redirected to https://xyz.com:8888/restrected/* but if URL does not consist /restrected/* just got to http://xyz.com:8888

Cisco Employee

Re: ACE rediction

Denis,

Gotcha, I'll send you a config sample in a bit.

Something that just popped-up to my mind is that we might need to use a different port than 8888 for http(s)://xyz.com unless you're running

SSL and WWW on the same TCP port on your backend servers.

My guess is that you want http over port 8888 and https on 443.

Thanks.

__ __

Pablo

New Member

Re: ACE rediction

Yes you right.It's my mistake in discription idea.

if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the source is any other adress and URL consist /restrected/* then they're going to be redirected to https://xyz.com:443/restrected/* but if URL does not consist /restrected/* just got to http://xyz.com:8888

Cisco Employee

Re: ACE rediction

Hi Denis,

Thanks for clearing that up.

Attached is the configuration example, I tried to keep it as simple as possible, a couple of things to mention:


-Port 443 doesn't need to be configured on the redirect rserver as this is the default HTTPS port.

- I used XYZ serverfarm assuming the same servers are going to receive the same traffic for 8888 and 443, if this is not true let me know and I'll change the config accordingly.

HTH

__ __

Pablo

New Member

Re: ACE rediction

Huge thank juporras for your help. It's really help me.

I have only one small question

iis it possible to have more that one match in case of using match-all

class-map match-all XYZ
  2 match virtual-address 10.10.10.10 tcp eq 8888
  3 match virtual-address 10.10.10.10 tcp eq 443

When i've tried to add second match I got message:

Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type

so i've created another class

class-map match-all XYZ1

match virtual-address 10.10.10.10 tcp eq 443

and add this class in policy


policy-map multi-match LB

     class XYZ1

     ....

other things work well

Thank you very much.....

Cisco Employee

Re: ACE rediction

Hi Denis,

Sorry that was supposed tobe a match-any class-map type as "ABC" is I copied it wrong when preparing the configuration

Glad to be of help =)

Have a good one!

__ __

Pablo

287
Views
10
Helpful
7
Replies
CreatePlease login to create content