Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
0
Helpful
3
Replies

ACE keep probing real servers using "https get 302"

Charles_Chi4
Level 1
Level 1

‎02-28-2011 08:14 PM

Hi all,

I got one problem with cisco ACE in my company. Currently, two ACE appliances are working as HA redundancy. Previously I enabled some https and http probing using get 302 for some servers and services. But then I was told to remove all https or http probing, and instead use tcp port 443 and 80. After that, one of the serverfarm (server groups) is receiving https get 302 and I already checked in the monitoring and see whether there's any https probing regarding the respected real servers. But I could not find any. Even I disable all probing to that serverfarm, all the server members still receiving https get 302. Is this behavior a bug?

The ACE version is A3(2.1). And the HA status is on standby cold. Can standby cold cause this kind of trouble?

Labels:
0 Helpful
3 Replies 3

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎03-03-2011 05:24 AM

Hi Charles,

When an ACE is in STANDBY-COLD state, configurations may not be properly synchronized, so,it's possible that the probe configuration is still present on the standby device.

Also, I would suggest you to check what is the source IP for the probe connections. An ACE will use the real interface IP to open probe connections, so, this should give you a good idea of which device is generating the connections.

Regards

Daniel

0 Helpful

Charles_Chi4
Level 1
Level 1
In response to Daniel Arrondo Ostiz

‎03-06-2011 06:45 PM

Hi Daniel,

I just corrected the cert problem and made the state peer into standby hot. But still it still keep probing the get 302. And then I tried to restart both ACEs. The first step is to restart the second ACE (standby) and then switched over all context to the second one. The problem is that when I made the second one to be active, some services were not working, especially the ones with ssl terminated in ACE. I'm pretty sure that both ACEs were in sync.

Any idea what is the problem?

0 Helpful

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee
In response to Charles_Chi4

‎03-07-2011 01:36 AM

Hi Charles,

At this point, the best is probably to open a TAC case to get this issue investigated further. We will have to check your configuration to understand where are these connections coming from.

As I mentioned in my last message, it would be good to identify the IP address generating these connections to figure out which device is generating them

Regards

Daniel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents