Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem of importing VIPs from Cisco ACE 4710 to the ACE Web App Manager

Hello,

I am working on importing Virtual IP's (VIPs) from Cisco ACE 4710 Ver.A3(2.3) to the Cisco ACE Web App Manager Ver.6.3. In the first phase virtual connection between ACE appliances and WAF Manager is defined and the corresponding ACE Appliance IPs are getting listed under the "Destination Servers" option, But unable to import the VIPs and I get the following error after clicking the Import VIP link.

ERROR: Load balancer https://1.1.1.1:10443 virtual server parse failed Exception parsing for LoadBalancerContext
1.1.1.1 has no VIPs, or all of its VIPs are already represented by HTTP server definitions in this policy.

While reading through the document I have identified a note on which I still do not have clear understanding and I would like to mention here assuming if it could be the problem.

Note:The ACE Web Application Firewall does not support import of any VIP that matches a range of IP addresses in the ACE Application Switch policy.

Another point is that the VIPs on ACE and the IPs of ACE Web App Gateways are in the same range.

If this is the main cause of failure of importing VIPs then how it can be resolved or is there something else, If anyone can project some light or share ideas and experiences what could be the reason will be a great help.

Thanks in advance awaiting kind response.

Best Regards,

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Problem of importing VIPs from Cisco ACE 4710 to the ACE Web

Hello itlogical,

You are hitting a bug on the ACE 4710.  The problem is that when the WAF asks the ACE for the class-maps (VIPs), the XML is incorrectly formatted, and therefore the WAF can not properly process the response.

The bug ID for this is CSCsz52234 and it is fixed in the latest release of software for the ACE 4710.  It is A3(2.5) and you can download it today from cisco.com.

Regards,

Sean

2 REPLIES
Silver

Re: Problem of importing VIPs from Cisco ACE 4710 to the ACE Web

Hello itlogical,

You are hitting a bug on the ACE 4710.  The problem is that when the WAF asks the ACE for the class-maps (VIPs), the XML is incorrectly formatted, and therefore the WAF can not properly process the response.

The bug ID for this is CSCsz52234 and it is fixed in the latest release of software for the ACE 4710.  It is A3(2.5) and you can download it today from cisco.com.

Regards,

Sean

New Member

Re: Problem of importing VIPs from Cisco ACE 4710 to the ACE Web

Dear Sean,

Thanks for indicating this bug. For sure my next plan is to upgrade the ACE 4710 and I will let you know the outcome.

Lots of thanks once again.. will get back to you soon after applying upgrade.

Best Regards,

425
Views
0
Helpful
2
Replies
CreatePlease login to create content