access-list ALL line 10 extended permit ip any any probe tcp HTTPS port 443 parameter-map type ssl PARAM_SSL_CITRIX cipher RSA_WITH_RC4_128_MD5 priority 2 cipher RSA_WITH_RC4_128_SHA priority 2 cipher RSA_WITH_DES_CBC_SHA priority 3 cipher RSA_WITH_3DES_EDE_CBC_SHA priority 3 cipher RSA_EXPORT_WITH_RC4_40_MD5 cipher RSA_EXPORT_WITH_DES40_CBC_SHA rserver host cagpres1 description cagpres1 -CitrixAcessGW ip address 10.8.3.7 conn-limit max 2000000 min 1500000 inservice rserver host cagpres2 description cagpres2 -CitrixAcessGW ip address 10.8.3.8 conn-limit max 2000000 min 1500000 probe HTTPS inservice ssl-proxy service SSL_CITRIX_CLIENT cert CitrixCert.PEM serverfarm host cagpres rserver cagpres1 inservice rserver cagpres2 inservice class-map type management match-any CITRIX_HTTPS 2 match protocol https any class-map match-any L4_Citrix description match traffic for Citrix VIP 2 match virtual-address 10.1.1.7 tcp any class-map type http loadbalance match-any L7_Citrix_URL 2 match http url .* class-map type management match-any REMOTE_ACCESS 2 match protocol ssh any 3 match protocol icmp any policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY class REMOTE_ACCESS permit policy-map type loadbalance first-match L7_Citrix_LBPolicy description BWT Layer 7 Load Balancing Policy class L7_Citrix_URL ssl-proxy client SSL_CITRIX_CLIENT policy-map multi-match L4_Citrix_LBPolicy description L4 Citrix Load-Balancing Policy class L4_Citrix loadbalance vip inservice loadbalance policy L7_Citrix_LBPolicy loadbalance vip icmp-reply active loadbalance vip advertise active interface vlan 7 ip address 10.8.3.10 255.255.255.240 no normalization no icmp-guard access-group input ALL access-group output ALL service-policy input REMOTE_MGMT_ALLOW_POLICY no shutdown interface vlan 8 ip address 10.8.7.8 255.255.255.240 no normalization no icmp-guard access-group input ALL access-group output ALL service-policy input REMOTE_MGMT_ALLOW_POLICY service-policy input L4_Citrix_LBPolicy no shutdown