Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Equivalent config on ACE from the CSS config

Folks

What will be equivalent config from CSS to ACE for the following config:

ssl-server 72 cipher rsa-with-rc4-128-md5 12.12.12.12 81

ssl-server 72 vip address 12.167.24.187

ssl-server 72 rsakey turnleafkey

ssl-server 72 rsacert turnleafstar1

ssl-server 72 cipher rsa-with-rc4-128-md5 12.12.12.12 81

service 12.12.12.12-redirect

ip address 42.42.42.42

keepalive type none

type redirect

no prepend-http

domain "https://testing.com"

active

content 12.12.12.12-443

vip address 12.12.12.12

port 443

protocol tcp

add service ssl_module1

active

content 12.12.12.12-81

vip address 12.12.12.12

port 81

protocol tcp

balance leastconn

advanced-balance sticky-srcip

add service host1-81

add service host2-81

add service host3-81

active

content 12.12.12.12-redirect

vip address 12.12.12.12

add service 12.12.12.12-redirect

protocol tcp

port 80

url "/*"

active

Thanks

4 REPLIES
Cisco Employee

Re: Equivalent config on ACE from the CSS config

Here is the result given by the CSS to ACE conversion tool available on the ACE Appliance. C4710.

Configuration commands for Admin context:

-----------------------------------------

resource-class RC1

limit-resource sticky minimum 10 maximum unlimited

context Admin

member RC1

interface gigabitEthernet 1/1

channel-group 10

no shutdown

interface gigabitEthernet 1/2

channel-group 10

no shutdown

interface gigabitEthernet 1/3

channel-group 10

no shutdown

interface gigabitEthernet 1/4

channel-group 10

no shutdown

interface port-channel 10

no shutdown

#interface gigabitEthernet 1/1

# no shutdown

Configuration commands for Admin context:

-----------------------------------------

access-list PERMIT_ALL extended permit ip any any

rserver redirect 12.12.12.12-redirect

inservice

webhost-redirection "https://testing.com"

serverfarm host 12.12.12.12-443

rserver ssl_module1

inservice

serverfarm host 12.12.12.12-81

predictor leastconns

rserver host1-81

inservice

rserver host2-81

inservice

rserver host3-81

inservice

serverfarm redirect 12.12.12.12-redirect

probe 12.12.12.12-redirect_PROBE

rserver 12.12.12.12-redirect

inservice

sticky ip-netmask 255.255.255.255 address source 12.12.12.12-81_STICKY

serverfarm 12.12.12.12-81

replicate sticky

parameter-map type http CASE_PARAM

case-insensitive

class-map type management match-any TO-CP-POLICY

match protocol icmp any

match protocol telnet any

match protocol snmp any

match protocol ssh any

class-map type http loadbalance match-any 12.12.12.12-redirect_CLASSURL

match http url "[.]*"

class-map match-all 12.12.12.12-81_CLASS

match virtual-address 12.12.12.12 tcp eq 81

class-map match-all 12.12.12.12-redirect_CLASS

match virtual-address 12.12.12.12 tcp eq 80

class-map match-all 12.12.12.12-443_CLASS

match virtual-address 12.12.12.12 tcp eq 443

policy-map type loadbalance first-match 12.12.12.12-81_POLICY

class class-default

sticky-serverfarm 12.12.12.12-81_STICKY

policy-map type loadbalance first-match 12.12.12.12-redirect_POLICY

class 12.12.12.12-redirect_CLASSURL

serverfarm 12.12.12.12-redirect

policy-map type loadbalance first-match 12.12.12.12-443_POLICY

class class-default

serverfarm 12.12.12.12-443

policy-map type management first-match TO-CP-POLICY

class TO-CP-POLICY

permit

policy-map multi-match POLICY

class 12.12.12.12-81_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-81_POLICY

class 12.12.12.12-redirect_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-redirect_POLICY

class 12.12.12.12-443_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-443_POLICY

service-policy input TO-CP-POLICY

service-policy input POLICY

Cisco Employee

Re: Equivalent config on ACE from the CSS config

The output above is missing the ssl-proxy and has an error in the SSL policy.

Here is the correction

ssl-proxy MyProxy

key ...

cert ...

policy-map multi-match POLICY

class 12.12.12.12-443_CLASS

appl-parameter http advanced-options CASE_PARAM

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy 12.12.12.12-81_POLICY

ssl-proxy server MyProxy

Gilles.

Community Member

Re: Equivalent config on ACE from the CSS config

How did u define probe 12.12.12.12-redirect_PROBE in the config u gave? what are the values of probe 12.12.12.12-redirect_PROBE

Cisco Employee

Re: Equivalent config on ACE from the CSS config

Actually, we do not support probe for redirect rserver.

So, simply remove that probe..

G.

261
Views
0
Helpful
4
Replies
CreatePlease to create content