Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
854
Views
0
Helpful
4
Replies

ACE Policy is not working

wasiimcisco
Level 1
Level 1

‎06-17-2011 11:10 AM

Hi,

I have ACE 4710 in context mode. I am doing internet browsing (Port 80) redirection to two proxy servers (Transparent Proxy) as well as I am using this ACE box for multiple other servers load balancing.

I have multiple policies applied on my LAN interface (VLAN 300) where all the users and servers are connected.

Now I am facing problem with one application (PLATTS) which is oil company related application. This application is working fine while directly connected with Internet (extrenal internet connection) or by giving explicit proxy in the user browser.

But In transparent proxy This application is not working and my company policy only allow the transparent proxy not explicit proxy.

Now if on my interface vlan 300 i will remove the service-policy input PM_MAIN_BCPROXY my application will start working but i cant redirect the port 80 traffic to my proxy servers which is also my requirement.

interface vlan 300

  description ACE-INSIDE CONTEXT RACK1

  ip address 192.168.0.65 255.255.255.224

  alias 192.168.0.73 255.255.255.224

  peer ip address 192.168.0.66 255.255.255.224

  no normalization

  mac-address autogenerate

  no icmp-guard

  access-group input acl-in

  nat-pool 5 172.23.16.5 172.23.16.5 netmask 255.255.255.255 pat

  nat-pool 4 172.23.16.4 172.23.16.4 netmask 255.255.255.255 pat

  nat-pool 3 172.23.16.3 172.23.16.3 netmask 255.255.255.255 pat

  nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat

  service-policy input PM_BYPASS_PLATTS

  service-policy input PM_ENOC_Servers

  service-policy input PM_RT_FAX

  service-policy input PM_ITSM_Web_Server

  service-policy input PM_ITSM_MAPP_Server

  service-policy input PM_BYPASS_FOR_LAN_HTTP

  service-policy input PM_BYPASS_HTTP

service-policy input PM_MAIN_BCPROXY

=============================================================================================

This application use multiple destinations for connectivity and I have even tried by passing the destination IP addresses by making bypass policy but still no luck.

I want this application to work as well as redirection of port 80. I even try re-ordering the policy sequence but no luck. Can you please help me out how to achieve this application to work as well as redirectino of port 80 for Internet.

I have attached the full configuration as welll.

I will be very thankful if someone can help me on this.

Labels:
101785-ACE01Rack1-config.txt.zip
0 Helpful
4 Replies 4

Jorge Bejarano
Level 4
Level 4

‎06-17-2011 08:44 PM

Which are the VIP, serverfarm and rserver involved into the situation?

0 Helpful

wasiimcisco
Level 1
Level 1
In response to Jorge Bejarano

‎06-18-2011 01:33 AM

Hi,

This application has no VIP and serverform.

My traffic is passing through the ACE and when traffic passing ACE policy for redirection of port 80 is droping traffic. If i remove my last service policy on the interface this application will start working

Sent from Cisco Technical Support iPhone App

0 Helpful

wasiimcisco
Level 1
Level 1

‎06-19-2011 12:32 PM

Waiting for someone to help me out

Sent from Cisco Technical Support iPhone App

0 Helpful

wasiimcisco
Level 1
Level 1
In response to wasiimcisco

‎06-21-2011 01:26 AM

Hi,

request you to please assist me

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card