
Need alternative port open for VIPs on ACE

My ACE is almost completely configured - with VIPs, farms, real servers, redirects etc. Port 80 and 443 are working as expected and web requests are getting routed appropriately.

The need has arisen, however, to allow a non-traditional port to be allowed/open to certain websites (to certain VIPs). (As some background - this is an SFTP-style, client-based connection.)

My ACL configuration is open - ip any any - but I even created one specific to this port number (let's just say it's 7777 for now). I've done captures on the firewall to make sure that traffic from external requests is getting through it, and when I try to connect to the real server address (either NATed or internally), it connects just fine. I am unable to see the connection attempts in the logging on the ACE, and the error message that the client app gets is "connection refused".

I'm not good with policy maps or class maps, so I'm not sure if that's where I need to be looking. I suppose that the issue is at the VIP level though since the server IPs work fine, so I need to understand what gets processed via that IP that doesn't via the others.

So if I currently have websites on the ACE configured to accept, redirect, and loadbalance for port 80 and 443, but I now need them to do the same on port 7777, what changes need to be applied and where?

I can paste any config info if someone can help me. Thanks.

1 REPLY
Cisco Employee

Need alternative port open for VIPs on ACE

Good afternoon,

This new port would be a completely new VIP, so, you would need to create a new class-map for it.

Daniel
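
What the reply describes, sketched as an added ACE configuration example that is not part of the original thread or the poster's configuration. The VIP address (192.0.2.10), real-server names, policy and class names, and VLAN number are placeholders (assumptions); substitute the names already used for the port 80/443 VIPs.

```text
! Added example. Names, addresses and the VLAN below are placeholders (assumptions).
! Lines starting with "!" are annotations for the reader, not ACE commands.

! Server farm that sends to the existing real servers on TCP 7777
serverfarm host SF-7777
  rserver RS-WEB1 7777
    inservice
  rserver RS-WEB2 7777
    inservice

! New Layer 3/4 class-map: same VIP address, new port
class-map match-all VIP-SITE1-7777
  2 match virtual-address 192.0.2.10 tcp eq 7777

! Load-balancing policy for the new VIP
policy-map type loadbalance first-match LB-SITE1-7777
  class class-default
    serverfarm SF-7777

! Add the new class to the multi-match policy already applied client-side
policy-map multi-match CLIENT-VIPS
  class VIP-SITE1-7777
    loadbalance vip inservice
    loadbalance policy LB-SITE1-7777

! Already present if ports 80 and 443 work; shown for completeness
interface vlan 100
  service-policy input CLIENT-VIPS
```

Matching `tcp eq 7777` instead of widening an existing class-map to `any` keeps the VIP reachable only on the ports that are meant to be published. `show service-policy CLIENT-VIPS detail` shows whether the new class is in service and counting connections.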
