cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
586
Views
0
Helpful
4
Replies

Creating user in Context

Muhammad Khan
Level 1
Level 1

Hi,

I wounder if anyone could help me. I have an ACE appliace running. I have created a new Context and have done all the configuration i.e. interfaces, loadbalancing, domain, users etc. Only problem and very basic one is that I am unable to login to the Context directly. I can acess the Contect with it's management IP but when I try to login I get "Invalid User Name/Password." message.

I can only login in Admin context. Is there anyting I am missing?  

Rgds,

4 Replies 4

Eric Rose
Cisco Employee
Cisco Employee

Hi,

Did you create a policy for remote access to that context and add the it to the interface?

Typically there is a remote_mgnt service policy - this is used to access the managemnet entity on a specific interface.

Thanks

Eric

Hi Eric,

Thank you for your reply.

Yes all the policies are in place. I can browse to we Console and Telnet but unable to login. Here is the Context config (It is one armed design with client/server and ACE on same VLAN). None of the users defined in here can login.

access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any

probe http Probe_HTTP
  interval 5
  passdetect interval 60
  expect status 200 200
  open 10


rserver host Server1
  ip address 192.168.0.2
  conn-limit max 4000000 min 4000000
  inservice

rserver host Server2
  ip address 192.168.0.23
  conn-limit max 4000000 min 4000000
  inservice


serverfarm host Farm1
  probe Probe_HTTP
  rserver Server1 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver Server2 80
    conn-limit max 4000000 min 4000000
    inservice

sticky http-cookie XYZ_Cookie XYZ_Cookie
  serverfarm Farm1

class-map type management match-any Management
  201 match protocol http any
  202 match protocol https any
  203 match protocol icmp any
  204 match protocol kalap-udp any
  205 match protocol ssh any
  206 match protocol telnet any
  207 match protocol xml-https any

class-map match-all XYZ_VS
  2 match virtual-address 192.168.0.9 tcp eq www

policy-map type management first-match Management
  class Management
    permit

policy-map type loadbalance first-match XYZ_VS-l7slb
  class class-default
    serverfarm Farm1

policy-map multi-match int3
  class XYZ_VS
    loadbalance vip inservice
    loadbalance policy XYZ_VS-l7slb
    nat dynamic 5 vlan 2

interface vlan 2
  description Server VLAN
  ip address 192.168.0.6 255.255.255.0
  alias 192.168.0.8 255.255.255.0
  peer ip address 192.168.0.7 255.255.255.0
  access-group input ALL
  nat-pool 5 192.168.0.9 192.168.0.9 netmask 255.255.255.0 pat
  service-policy input int3
  service-policy input Management
  no shutdown

domain XYZ_Domain
  add-object all

ip route 0.0.0.0 0.0.0.0 192.168.0.20

username XYZadmin password 5 *********** role Admin domain default-domain
username XYZusr password 5 ********* role Network-Monitor domain XYZ_Domain

snmp-server contact "ANM"
snmp-server location "ANM"

Thank you.

Errr... i managed to resolve it

username XYZadmin password 5 *********** role Admin domain default-domain
username XYZusr password 5 ********* role Network-Monitor domain XYZ_Domain

Should have been

username XYZadmin password 0 *********** role Admin domain default-domain
username XYZusr password 0 ********* role Network-Monitor domain XYZ_Domain

I was specifying encrypted password instead of clear text.

That is great to hear.

Thanks

Eric

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: