Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
2
Replies

ACE module in ASN set up not passing URL

Phyziks42
Level 1
Level 1

‎08-14-2012 02:55 PM

Hello all,

I have an interesting issue. I have an ACE30 set up in ASN mode (see http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/slbgd.html)

I do see the connection to the server establish, but the server admin informs me that they are performing URL filtering and that my packets do not contain a URL! I am not sure what exactly I should do about this.

Config on ACE context:

access-list INBOUND line 10 extended permit ip any any

probe https TMG-Exchange

  ssl version all

rserver host real1

  ip address 10.50.102.77

  inservice

rserver host real2

  ip address 10.50.102.78

  inservice

serverfarm host FARM_VIP_10.50.103.239

  transparent

  rserver real1

    inservice

  rserver real2

    inservice

class-map match-all VIP_CLASS

  2 match virtual-address 10.50.103.239 any

class-map type management match-any mgmt-cm

  2 match protocol icmp any

  3 match protocol ssh source-address 10.48.0.0 255.240.0.0

policy-map type management first-match mgmt-pm

  class mgmt-cm

    permit

policy-map type loadbalance first-match lbpol

  class class-default

    serverfarm FARM_VIP_10.50.103.239

policy-map multi-match LBPOL

  class VIP_CLASS

    loadbalance vip inservice

    loadbalance policy lbpol

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

interface vlan 102

  description ONE ARM VLAN

  ip address 10.50.102.96 255.255.255.0

  no normalization

  access-group input INBOUND

  service-policy input LBPOL

  service-policy input mgmt-pm

  no shutdown

ip route 0.0.0.0 0.0.0.0 10.50.102.251

Any ideas?

Labels:
0 Helpful
2 Replies 2

Jorge Bejarano
Level 4
Level 4

‎08-14-2012 04:45 PM

Hello Mikael,

Could you explain yourself better? Do you mean you need to match a specific URL or what exactly?

Jorge

0 Helpful

Phyziks42
Level 1
Level 1
In response to Jorge Bejarano

‎08-14-2012 04:56 PM

I do not need to match a specific URL. The application on the server does however. The server admin reports that connection is being refused as there is no URL included to match.

When setting this up as a one-arm config with source NAT everything works fine. Unfortunately, it is a requirement of the application that the client IP remain intact.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents