Solved: ACE rediction

Denis Spichkin · ‎10-08-2010

Hi everybody

I'm new with ACE4710 maybe someone can help me with it.

I need create configuration where:

if ACE's got packets from IP 10.10.10.10 on port 8888 (OUTSIDE int) it has to redirected to 11.11.11.11 port 8888 (INSIDE int)

if ACE's got from any other IP it also has to redirected to 11.11.11.11 port 8888 however if URL consist next http://../restrected/* it has to be redirected https://../restrected/* at the same server(11.11.11.11).

Thank you very much in advance.

Pablo · ‎10-09-2010

Hi Denis,

Thanks for clearing that up.

Attached is the configuration example, I tried to keep it as simple as possible, a couple of things to mention:

-Port 443 doesn't need to be configured on the redirect rserver as this is the default HTTPS port.

- I used XYZ serverfarm assuming the same servers are going to receive the same traffic for 8888 and 443, if this is not true let me know and I'll change the config accordingly.

HTH

__ __

Pablo

View solution in original post

Pablo · ‎10-10-2010

Hi Denis,

Sorry that was supposed tobe a match-any class-map type as "ABC" is I copied it wrong when preparing the configuration

Glad to be of help =)

Have a good one!

__ __

Pablo

View solution in original post

Pablo · ‎10-08-2010

Hi Denis,

I can give you a hand with this config but first, do you have a copy of the current config that you can paste in here?

Is 10.10.10.10 the source of the requests or the IP that you're planning to use as the VIP along with 11.11.11.11

i.e

10.10.10.10 = abc.com

11.11.11.11 = xyz.com

So if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the request comes as

http://abc.com:8888/restrected/* then they're going to be redirected to https://xyz.com:8888/restrected/*

Let me know if I missed/misunderstood something here

Thanks

__ __

Pablo

Denis Spichkin · ‎10-08-2010

Thank you very much for your answer juporras

Current config is absolutely empty now :-)

I'm trying fingure out how i can do it

_________________________________________________________________________________________________

>10.10.10.10 = abc.com

>11.11.11.11 = xyz.com

>So if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the request comes as

>http://abc.com:8888/restrected/* then they're going to be redirected to https://xyz.com:8888/restrected/*

___________________________________________________________________________________________________

Yes, the idea as you have written but with a small correction

if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the source is any other adress and URL consist /restrected/* then they're going to be redirected to https://xyz.com:8888/restrected/* but if URL does not consist /restrected/* just got to http://xyz.com:8888

Pablo · ‎10-08-2010

Denis,

Gotcha, I'll send you a config sample in a bit.

Something that just popped-up to my mind is that we might need to use a different port than 8888 for http(s)://xyz.com unless you're running

SSL and WWW on the same TCP port on your backend servers.

My guess is that you want http over port 8888 and https on 443.

Thanks.

__ __

Pablo

Denis Spichkin · ‎10-08-2010

Yes you right.It's my mistake in discription idea.

if any source comes to http://abc.com:8888 they should get redirected to http://xyz.com:8888 and in case the source is any other adress and URL consist /restrected/* then they're going to be redirected to https://xyz.com:443/restrected/* but if URL does not consist /restrected/* just got to http://xyz.com:8888

Pablo · ‎10-09-2010

Hi Denis,

Thanks for clearing that up.

Attached is the configuration example, I tried to keep it as simple as possible, a couple of things to mention:

-Port 443 doesn't need to be configured on the redirect rserver as this is the default HTTPS port.

- I used XYZ serverfarm assuming the same servers are going to receive the same traffic for 8888 and 443, if this is not true let me know and I'll change the config accordingly.

HTH

__ __

Pablo

Denis Spichkin · ‎10-10-2010

Huge thank juporras for your help. It's really help me.

I have only one small question

iis it possible to have more that one match in case of using match-all

class-map match-all XYZ
2 match virtual-address 10.10.10.10 tcp eq 8888
3 match virtual-address 10.10.10.10 tcp eq 443

When i've tried to add second match I got message:

Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type

so i've created another class

class-map match-all XYZ1

match virtual-address 10.10.10.10 tcp eq 443

and add this class in policy

policy-map multi-match LB

class XYZ1

....

other things work well

Thank you very much.....

Pablo · ‎10-10-2010

Hi Denis,

Sorry that was supposed tobe a match-any class-map type as "ABC" is I copied it wrong when preparing the configuration

Glad to be of help =)

Have a good one!

__ __

Pablo