
ACE Configuration (urgent)

wasiimcisco
Level 1

I am facing a problem with the ACE configuration. I want to redirect 443 traffic to my proxy server.

But I am not able to do this. I want to redirect only subnet 192.168.80.0/24.


I have the following configuration

access-list BC line 8 extended permit tcp host 192.168.80.89 any eq https

access-list BC line 16 extended permit tcp host 192.168.80.62 any eq https


probe tcp PROBE_TCP_443
  port 443
  interval 15
  passdetect interval 60
  open 1


serverfarm host SF_BCPR_https
  transparent
  probe PROBE_TCP_443
  rserver RS_BCPR01
    inservice
  rserver RS_BCPR02
    inservice


sticky ip-netmask 255.255.255.255 address source STICKY-SOURCE-HTTPS
  replicate sticky
  serverfarm SF_BCPR_https

class-map match-all CM_SF_BCPR_HTTPS
  2 match access-list BC

policy-map type loadbalance http first-match PM_LB_SF_BCPROXY_https
  class class-default
    sticky-serverfarm STICKY-SOURCE-HTTPS


==================================================================================
policy-map multi-match PM_MAIN_BCPROXY
    class CM_SF_BCPR_HTTPS
    loadbalance vip inservice
    loadbalance policy PM_LB_SF_BCPROXY_https
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options PARAMAP_CASE
==================================================================================
interface vlan 300
  description ACE-INSIDE CONTEXT RACK1
  ip address 192.168.0.65 255.255.255.224
  alias 192.168.0.73 255.255.255.224
  peer ip address 192.168.0.66 255.255.255.224
  no normalization
  mac-address autogenerate
  no icmp-guard
  access-group input acl-in

access-list BC line 8 extended permit tcp host 192.168.80.89 any eq https
access-list BC line 16 extended permit tcp host 192.168.80.62 any eq https

  service-policy input PM_MAIN_BCPROXY
  no shutdown

I am getting an error.

DC-ACE01/Rack1(config-cmap)# 10 match access-list BC

Error: Class-map is being used for virtual server definition

=======================================================================

Only if I put

class-map match-all CM_SF_BCPR_HTTPS
  2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq https

then it works, but I don't want this policy applied to all users; I want only one subnet under the HTTPS policy.

Please let me know how I can apply the policy only to a specific subnet, so that port 443 traffic can be redirected and all the other subnets can go directly to the Internet.

Waiting for reply.

Thanks in Advance.
