ACE unable to access through web browser.

ranjith.kanisan · ‎08-14-2012

Hi Team,

We have 4710 ACE in our network and currently we are using software version A3 2.0.

Currently we are not able to access the ACE through web interface but Telnet is happening properly. Connection is establing while we are doing the telnet to ACE through port 80 and port 443. Kindly suggest what will be the Issue? Please find the below dummy configuration.

resource-class SLB_STICKY

limit-resource all minimum 0.00 maximum unlimited

limit-resource sticky minimum 10.00 maximum equal-to-min

access-list ANY_Traffic_Permit line 8 extended permit ip any any

access-list ANY_Traffic_Permit line 16 extended permit icmp any any

class-map type management match-any CM_Remote_MGMT

description *** Class-Map defined the permitted Protocol list for Remote Management ***

201 match protocol icmp any

202 match protocol telnet any

203 match protocol http any

204 match protocol https any

205 match protocol snmp any

policy-map type management first-match PM_Remote_MGMT

description *** Policy-Map defined the permitted Protocol list for Remote Management ***

class CM_Remote_MGMT

permit

interface vlan 60

ip address 10.160.7.3 255.255.255.0

alias 10.160.7.2 255.255.255.0

peer ip address 10.160.7.4 255.255.255.0

no normalization

no icmp-guard

access-group input ANY_Traffic_Permit

access-group output ANY_Traffic_Permit

service-policy input PM_Remote_MGMT

no shutdown

Thanks in advance..

Regards,

Ranjith

sivaksiv · ‎08-14-2012

Hi Ranjith,

Did you get the login page when you access via GUI? or any error message?

there is a known bug just displays a blank after when you login

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv95366

Regards,

Siva

ranjith.kanisan · ‎08-14-2012

Hi Siva,

We are not getting any login page while accessing ACE through webbrowser. We are getting the same responce after rebooted the ACE also.

Regards,

Ranjith

sivaksiv · ‎08-14-2012

Hi Ranjith,

I dont see any problem with the config as per the doc.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/quick/guide/setup.html#wp1010367

What browser are you using? Did you atleast get a message to accept the SSL certificate as trusted when you access https://10.160.7.3

Regards,

Siva

ranjith.kanisan · ‎08-14-2012

Hi Siva,

We have tested with IE and Mozilla. We are not getting any certificate error while accesing ACE https://10.160.7.3.

Regards,

Ranjith

sivaksiv · ‎08-14-2012

Ranjith,

Can you check if the DM is running.

switch/Admin# dm status

If you see that the status is "STOPPED," restart the Device Manager using the dm reload command, make it running then try accessing again.

Regards,
Siva

ranjith.kanisan · ‎08-15-2012

Hi Siva,

dm status command is not taking in Version A3(2.0). So how we can check device manager is running in A3(2.0)?

Regards,

Ranjith

sivaksiv · ‎08-15-2012

Hi Ranjith,

Can you try "dm reload" first, its a hidden command so type the full command and then check the dm status.

Regards,
Siva

ranjith.kanisan · ‎08-15-2012

Hi Siva,

Whether box wil reboot after running this command?

Regards,

Ranjith

sivaksiv · ‎08-15-2012

Hi Ranjith,

No.

Regards,
Siva

ranjith.kanisan · ‎08-16-2012

Hi Siva,

We have done the dm reload in Cisco ACE but now also we are getting the same responce. Please find the below mentioned output.

LB-01/Admin# dm status

DM ROOT:

DM HOME: /opt/CSCOanm

JAVA_HOME: /opt/CSCOanm/jre

MYSQL_HOME: /opt/CSCOanm/mysql

java is /opt/CSCOanm/jre/bin/java

ANM : RUNNING (8700)

MySQL : RUNNING (8661)

LB-01/Admin#

LB-01/Admin# dm reload

LB-01/Admin#

Regards,

Ranjith

sivaksiv · ‎08-16-2012

Hi Ranjith,

You might require a TAC case to troubleshoot this further, if necessary to run some debugs. Before that I would recommend you to upgrade to a latest software version and see if it works.

Regards,

Siva

ajayku2 · ‎08-16-2012

Hi Ranjith,

Do you have any proxy setting on the browsers?

Take a packet capture to see where it fails.

Raise a TAC case if the above does not help you.

regards,

Ajay Kumar