I am facing a problem with my ACE configuration. I want to redirect 443 traffic to my proxy server.
But I am not able to do this. I want to redirect only subnet 192.168.80.0/24.
I have the following configuration:
access-list BC line 8 extended permit tcp host 192.168.80.89 any eq https
access-list BC line 16 extended permit tcp host 192.168.80.62 any eq https
probe tcp PROBE_TCP_443
  port 443
  interval 15
  passdetect interval 60
  open 1
serverfarm host SF_BCPR_https
  transparent
  probe PROBE_TCP_443
  rserver RS_BCPR01
    inservice
  rserver RS_BCPR02
    inservice
sticky ip-netmask 255.255.255.255 address source STICKY-SOURCE-HTTPS
  replicate sticky
  serverfarm SF_BCPR_https
class-map match-all CM_SF_BCPR_HTTPS
  2 match access-list BC
policy-map type loadbalance http first-match PM_LB_SF_BCPROXY_https
  class class-default
    sticky-serverfarm STICKY-SOURCE-HTTPS
==================================================================================
policy-map multi-match PM_MAIN_BCPROXY
  class CM_SF_BCPR_HTTPS
    loadbalance vip inservice
    loadbalance policy PM_LB_SF_BCPROXY_https
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options PARAMAP_CASE
==================================================================================
interface vlan 300
description ACE-INSIDE CONTEXT RACK1
ip address 192.168.0.65 255.255.255.224
alias 192.168.0.73 255.255.255.224
peer ip address 192.168.0.66 255.255.255.224
no normalization
mac-address autogenerate
no icmp-guard
access-group input acl-in
access-list BC line 8 extended permit tcp host 192.168.80.89 any eq https
access-list BC line 16 extended permit tcp host 192.168.80.62 any eq https
service-policy input PM_MAIN_BCPROXY
no shutdown
I am getting an error:
DC-ACE01/Rack1(config-cmap)# 10 match access-list BC
Error: Class-map is being used for virtual server definition
=======================================================================
Only if I put
class-map match-all CM_SF_BCPR_HTTPS
  2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq https
then it works, but I don't want this policy applied to all users; I want only one subnet under the HTTPS policy.
Please let me know how I can apply the policy only to a specific subnet, so that port 443 traffic can be redirected and all the other subnets can go directly to the Internet.
Waiting for reply.
Thanks in advance.