ciscocsoc

Member Since: Feb 14, 2005

English
ciscocsoc commented on ACE load balance port range to backend range? in Application Networking 10 months ago

Hi, Not sure why you need ports defining on the serverfarm.  You should be able to do this; class-...

ciscocsoc commented on VIP to VIP Communication behind same ACE in Application Networking 12 months ago

Hi, If the two VIPs serverfarms are in the same context then you will need to source-NAT traffic...

ciscocsoc commented on Managing Certificates and Keys in End-to-End SSL in Application Networking 1 year ago

Hi, It depends what you mean by end-to-end SSL. If you mean just passing the SSL traffic through...

ciscocsoc commented on ACE LDAPS terminator in Application Networking 2 years ago

Yes. It uses the same technique as HTTPS termination. Just remember to specify port 389 on the...

ciscocsoc commented on Unable to configure ACE 20s in Application Networking 3 years ago

That is the error message you would see if the ACS was not setting the user role to Admin.  See...

ciscocsoc commented on ACE Startup-config file location in Application Networking 3 years ago

The ACE has a number of compressed filesystems held in an internal filesystem to house startup...

ciscocsoc commented on Question about Migrate Certificates in Application Networking 3 years ago

Hi Rodrigo,iPlanet is an Oracle product so looking at their documentation is the starting point for...

ciscocsoc commented on ACE: parse length-exceed action in Application Networking 3 years ago

There is a small difference.The default max-parse-length is 2048 bytes, so the snippet presented in...

ciscocsoc commented on ACE20 and TLSv1.0 extensions problem in Application Networking 3 years ago

Hi Ajay,Odd. This is now starting to look like a server-side issue. I'll investigate further at...

ciscocsoc commented on ACE20 and TLSv1.0 extensions problem in Application Networking 3 years ago

Thanks for looking at this.I can' t see why this would work. I'm not doing SSL termination and we...

ciscocsoc commented on ACE20 and TLSv1.0 extensions problem in Application Networking 3 years ago

Hi Jorge, César,I've attached a capture of an attempted TLSv1-only session from the ACE 10Gig...

ciscocsoc commented on Restrict Access To A L7 URL On ACE in Application Networking 3 years ago

Hi,You should be able to do this with nested class-maps. The class-map that defines the allowed...

ciscocsoc commented on ACE20 and TLSv1.0 extensions problem in Application Networking 3 years ago

Hi Cesar,I didn't get a 10Gig capture - but I did a cpature from the context on both interfaces. I...

ciscocsoc commented on ACE20 and TLSv1.0 extensions problem in Application Networking 3 years ago

Hi Ajay,Disabling normalization made no difference. I thought it might help, but I think it only...

ciscocsoc commented on ACE20 and TLSv1.0 extensions problem in Application Networking 3 years ago

Hi Ajay,Thank you.  I don't think that is the problem as I'm not using the SSL proxy feature - just...

ciscocsoc commented on ACE HTTPS Probe problem related to dns in Application Networking 4 years ago

> I'm thinking that you are saying to do thisCorrect.The HTTP header information only has a...

ciscocsoc commented on ACE HTTPS Probe problem related to dns in Application Networking 4 years ago

Hi,In the probe definition you can specify an HTTP header value:probe https HTTPS ... header Host...

ciscocsoc commented on Issue with Scripted Probe for LDAP in Application Networking 4 years ago

To update the script==============Extract the Cisco-supplied LDAP script from the tar.gz or zip...

ciscocsoc commented on Issue with Scripted Probe for LDAP in Application Networking 4 years ago

Hi Robert,Yes - it is just like Active Directory. The Bind Success response is coming back with...

ciscocsoc commented on Issue with Scripted Probe for LDAP in Application Networking 4 years ago

Reply using the "Use advanced editor" option (top rh corner)This brings up an option at the bottom...

ciscocsoc commented on Issue with Scripted Probe for LDAP in Application Networking 4 years ago

> but I can get a tcpdump from the server if that helpsIt can't hurt. The 30002 means than the...

ciscocsoc commented on Issue with Scripted Probe for LDAP in Application Networking 4 years ago

Hi Robert,A packet capture from the switchport to which the server is connected would be useful -...

ciscocsoc commented on ACE functionally question - SSL tunnelling / proxy on behalf of non SSL client in Application Networking 4 years ago

Hi,Yes. The ACE SSL Configuration Guide shows how to do this in the "Configuring SSL Initiation"...

ciscocsoc commented on ACE SSL Offload Advantage on End to End SSL in Application Networking 4 years ago

Hi,If you terminate on the ACE before re-encrypting you have an opportunity to look at the...

ciscocsoc commented on Certificate order for SSL ChainGroup on ACE in Application Networking 4 years ago

Only if you use a PKCS12 format file. See https://supportforums.cisco.com/message/3141328#3141328...

ciscocsoc commented on Certificate order for SSL ChainGroup on ACE in Application Networking 4 years ago

Hi Sez,The preferred order is:Issued CertIntermediatesRootHTHCathy

ciscocsoc commented on ACE: parse length-exceed action in Application Networking 4 years ago

Hi, The following config snippet should point you in the right direction:parameter-map type http...

ciscocsoc commented on multiple probes in a serverfarm in Application Networking 4 years ago

Hi,From the ACE Server Load Balancing Guide:"By default, the real servers that you configure in a...

ciscocsoc commented on ACE - LDAP TCL Script in Application Networking 4 years ago

Hi,It looks like you are probing a Microsoft AD LDAP server. The ASN.1 encoding used by Microsoft...

ciscocsoc commented on ACE4710 HTTP probe in Application Networking 4 years ago

Hi,One  potential problem is that the server needs to send a  Content-Length header. If this header...

ciscocsoc commented on Checking the return string in probe. in Application Networking 4 years ago

Hi,The regex string should be unquoted e.g. ...expect regex onlineYou only need quotes if the...

ciscocsoc commented on ACE service-policy out of service - still able to connect to VIP on port. in Application Networking 4 years ago

Hi,In the class-map under the policy map do you have something like:policy-map multi-match L4POLICY...

ciscocsoc commented on ACE - LDAP TCL Script in Application Networking 4 years ago

The cause of the immediate problem is the way in which ASN.1 codes lengths - and the fact that your...

ciscocsoc commented on ACE - LDAP TCL Script in Application Networking 4 years ago

Error codes are documented in the "Server Load-Balancing Configuration Guide" Appendix AExit Code...

ciscocsoc commented on ACE probe for rserver in Application Networking 5 years ago

Hi,You will need a custom script. The supplied CHECKPORT_STD_SCRIPT should provide a reasonable...

ciscocsoc commented on http to https redirection URL in Application Networking 5 years ago

Hi George,From the Server Load-Balancing Guide:"The syntax of this command is as follows:webhost-...

ciscocsoc commented on ACE probe in Application Networking 5 years ago

Hi,This will not work.From the manual section on configuring probes."An HTTP probe establishes a...

ciscocsoc commented on ACE : can't get to loadbalance in Application Networking 5 years ago

Hi,Your VIP address isn't in VLAN 265. If you look really close at the OVH documentation then you'...

ciscocsoc commented on Cisco ACE 4710 - load balancing base on URL pattern in Application Networking 5 years ago

Hi,The Cisco example at http://www.cisco.com/en/US/products/hw/modules/ps2706/...

ciscocsoc commented on ACE ipsec issue in Application Networking 5 years ago

> becomes available again, the ACE sends all connections to the primary server farm.should...

ciscocsoc commented on ACE30 Script Issues, LDAP_PROBE in Application Networking 5 years ago

Hi,Looks OK - if a little complicated.  If you look through the archives of this group you'll see a...

ciscocsoc commented on ACE module inter serverfarm communication ( on VIP) in Application Networking 5 years ago

Hi,You need to put a NAT-Pool on VLAN 460 and reference that in the policy-map.  Remember traffic...

ciscocsoc commented on ACE probe failure - service down – Can we inform to the end client? in Application Networking 5 years ago

Hi Oscar,In general the answer is No.  However if your load-balanced app is web-based you'll be...

ciscocsoc commented on Purpose of keeping original IP for server? in Application Networking 5 years ago

Hi,The line causes an HTTP header line to be inserted into the request. This allows your web...

ciscocsoc commented on ACE 4710 LDAP probe in Application Networking 5 years ago

Hi Andre,The ACE comes with some sample probe scripts - one of which tests LDAP by performing an...

ciscocsoc commented on Multiple SSL Certs in one SSL Proxy/VIP in Application Networking 5 years ago

You need to do the decryption before you can implement layer7.Your options seem to be wildcards,...

ciscocsoc commented on Multiple SSL Certs in one SSL Proxy/VIP in Application Networking 5 years ago

Hi,I don't think you can do this directly with the ACE.   A wildcard certificate would work if all...

ciscocsoc commented on ACE 4710 - serverfarm predictor in Application Networking 5 years ago

Hi,There are a couple of ways of achieving your objective.The first method works for the simple...

ciscocsoc commented on ACE 4710 - Gracefully Shutting Down a Server in Application Networking 5 years ago

Hi,To gracefully shutdown use the "no inservice" on the rserver within the serverfarm rather than...

ciscocsoc commented on Resetting an ACE back to factory settings in Application Networking 5 years ago

Hi,You'll need to do a "write erase" in each context. Also you may need "crypto delete" to remove...

Bio












ciscocsoc's Stats

Points417
Discussion started 14
Answers marked as Correct 37
Endorsed 0
Content Rated 9