09-19-2012 01:08 AM
Hi,
We are using several contexts for each customer in our ACE module.
One of the customer contexts needs to activate XML API to control their services.
I've tried to activate it, but cannot get any http response, what can be missing?
ACE10 version A2(3.6a)
class-map type management match-any HTTP-ALLOW_CLASS
2 match protocol http source-address 10.110.0.0 255.255.254.0
3 match protocol http source-address 10.60.208.80 255.255.255.248
class-map type management match-any HTTPS-ALLOW_CLASS
2 match protocol https source-address 10.110.0.0 255.255.254.0
3 match protocol https source-address 10.60.208.80 255.255.255.248
policy-map type management first-match ALLOW-MGMT-POLICY
class ICMP-ALLOW-CLASS
permit
class HTTPS-ALLOW_CLASS
permit
class HTTP-ALLOW_CLASS
permit
service-policy input ALLOW-MGMT-POLICY
interface vlan 2693
ip address 10.60.208.85 255.255.255.248
alias 10.60.208.84 255.255.255.248
peer ip address 10.60.208.86 255.255.255.248
access-group input OUTSIDE_IN
service-policy input WEB-VIP
no shutdown
access-list OUTSIDE_IN line 8 extended permit icmp any any
access-list OUTSIDE_IN line 16 extended permit tcp any any eq www
access-list OUTSIDE_IN line 17 extended permit tcp any any eq https
09-19-2012 10:51 AM
Hi,
Not sure if you already have this but you need a match for the xml-https traffic like this:
class-map type management match-any XML-HTTPS-ALLOW_CLASS
2 match protocol xml-https source-address 10.110.0.0 255.255.254.0
3 match protocol xml-https source-address 10.60.208.80 255.255.255.248
policy-map type management first-match ALLOW-MGMT-POLICY
class ICMP-ALLOW-CLASS
permit
class HTTPS-ALLOW_CLASS
permit
class HTTP-ALLOW_CLASS
permit
class XML-HTTPS-ALLOW_CLASS
permit
-----------------------------------------
Cesar R
09-19-2012 11:25 AM
Hi,
Thank you for the reply.
I've tried this command, but it will not accept the xml-https parameter.
-----------------------------------------------------
ACE1/104170-z63(config)# class-map type management match-any XML-HTTPS-ALLOW_CLASS
ACE1/104170-z63(config-cmap-mgmt)# 2 match protocol xml-https source-address 10.110.0.0 255.255.254.0
^
% invalid command detected at '^' marker.
ACE1/104170-z63(config-cmap-mgmt)#
ACE1/104170-z63(config)# class-map type management match-any XML-HTTPS-ALLOW_CLASS
ACE1/104170-z63(config-cmap-mgmt)# 2 match protocol ?
http Configure management access using HTTP
https Configure management access using secure HTTP
icmp Configure management access for ICMP protocol
kalap-udp Configure management access using KAL-AP over UDP
snmp Configure management access using SNMP
ssh Configure management access using Secure SHell
-----------------------------------------------------
Hardware is ACE10 with Version A2(3.6a) [build 3.0(0)A2(3.6a)]
Maybe xml api is not supported on this version...?
09-19-2012 12:16 PM
Hi,
Take a look in this guidelines and restrictions;
There is also some sampels of XML over HTTP/HTTPS
------------------------------
Cesar R
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide