yes you are right about the request. No matter what but the user request always redirect to inb-weblogic. not the one configured. 

the class gsb2 is also configured with redirect rservers with url but i removed it from vlan 415 interface becuase they both are landing on 443 on same VIP but then moving onto different serverfarms. 

i ll make the changes and will update you shortly. thanks for your response.

regards

Hi Usman,

I don't see redirect server and serverfarm. But please note that if users are coming on 443 then redirect will not work unless you have proper configuration in place like SSL-PROXY. ACE should be able to look into the HTTP to redirect. But doing loadbalancing on URL matching is another thing and that configuration looks fine. May be we need to see what is client coming with here? Pcaps would help here.

Regards,

Kanwal

1883: msg_type: PKT_XMT
con_id: 1644783                                  other_con_id: 0
message_hex_dump:
0x0000: 4010 01a6 0050 8034 fffc 0012 0000 0000  @....P.4........
0x0010: 0004 0050 56b6 043c 000b fcfe 1b01 0800  ...PV..<........
0x0020: 4500 0186 8c77 0000 ff06 dc00 0a02 67ec  E....w........g.
0x0030: 0a02 67a1 565c 1e62 69b1 3b5b e667 93f8  ..g.V\.bi.;[.g..
0x0040: 5018 8000 0000 0000 4745 5420 2f66 6f72  P.......GET./for
0x0050: 6d73 2f66 726d 7365 7276 6c65 743f 636f  ms/frmservlet?co
0x0060: 6e66 6967 3d67 7362 3226 6966 7365 7373  nfig=gsb2&ifsess
0x0070: 6964 3d57 4c53 5f46 4f52 4d53 2e66 6f72  id=WLS_FORMS.for

hi kanwalsi,

i did the capture but i am unable to see the url coming from the user can you help me a little over it plz,

i tried to remove the default class and add class map others with inb-ssl and its inb-weblogic as soon as i done it both are not working. and when i place the default with the serverfarm sticky the url with geor works however other dont with gsb2

Hi Usman,

Please send me the pcaps and ensure that they can be opened in wireshark. Btw  you can see the URL there. GET./forms/frmservlet?config=gsb2 in different lines. If you open the pcaps in wireshark, you should see clearly everything.

You should also tell me what exactly is the requirement. You mentioned something about redirect but i don't see any redirect server or serverfarm configured.

You can also do , show service-policy <policy name> detail to see which class and L7 policy is being used. Did you try using parsing non-strict?

Regards,

Kanwal

please review the capture file. i can see both address coming complete with no issues but wrongly redirected towards serverfarms

KINDLY PLEASE REVIEW THE PCAP FILE, i hope to hear from you soon

Hi Usman,

Unable to download the pcaps and when clicking on it it opens in browser and it is all junk characters. Anyways, i was thinking at the back of my mind that something was missing. Please have a look at this discussion:

https://supportforums.cisco.com/discussion/11698311/ace-match-http-url-issue

So in short, the ACE is unable to parse after ? and you will need secondary cookie configuration as discussed in above link for ACE to parse the request after ? and take a loadbalancing decision and redirect the client to appropriate serverfarm.

Hope this helps!

Regards,

Kanwal

hey kanwalsi,

i did tried with non strict and secondary cookie none but that http param changed nothing. and the results are still the same

Hi Usman,

I would have liked to TS this with you but i guess you can open a TAC case here. If ACE is matching the class-default even after doing "set secondary-cookie start none" and parsing non strict, then i guess we need to see what exactly is going on. But i didn't find any class inb in the big configuration that you have sent. You can also check what service-policy your traffic is matching?

Regards,

Kanwal

HERE I ZIP THE FILE AND ATTACHED THE PCAP FILE TOO 

no ft auto-sync startup-config

logging enable
logging buffered 6
logging device-id context-name
no logging message 400000

boot system image:c4710ace-t1k9-mz.A5_2_1e.bin
boot system image:c4710ace-t1k9-mz.A5_1_2.bin

hostname ACE01
interface gigabitEthernet 1/1
  description MGMT VLAN 1000
  qos trust cos
  switchport access vlan 1000
  no shutdown
interface gigabitEthernet 1/2
  description VIP VLAN 415
  qos trust cos
  switchport access vlan 415
  no shutdown
interface gigabitEthernet 1/3
  description RIP Trunk Vlans 16 18
  qos trust cos
  switchport trunk allowed vlan 16,18
  no shutdown
interface gigabitEthernet 1/4
  description HA VLAN 416
  qos trust cos
  ft-port vlan 416
  no shutdown

aaa accounting default group tacacs

access-list ALL line 8 extended permit ip any any
access-list sticky line 1 extended permit tcp any any eq https
access-list sticky line 5 extended permit tcp any any eq www
access-list sticky line 6 extended permit ip any any
access-list sticky line 7 extended permit icmp any any
access-list sticky line 8 extended permit tcp any any
access-list sticky line 9 extended permit tcp any any eq 401
access-list www line 8 extended permit ip any any

probe echo tcp ECO-SIS-SSB
  description ECHO FOR SIS-SSB.index.ca
  ip address 10.2.xx.xx
  port 443
probe https HTTPS-SIS-SSB
  description https for SIS-SSB
  ssl version all
probe icmp ICMP-PROBE-OFM-103.161
  description ICMP PROBE FOR OFMOAS02 10.2.xx.xx
  ip address 10.2.xx.xx
probe icmp ICMP-PROBE-OFM-163
  description ICMP PROBE FOR OFMOAS 10.2.103.163
  ip address 10.2.103.163
probe icmp ICMP-PROBE-OFM-SERVERS
  description ICMP PROBE FOR NEW SERVERS OFMOAS01 & 02 10.2.xx.xx
  ip address 10.2.103.160
probe icmp ICMP-PROBE-OFMOAS-162
  description ICMP PROBE FOR OFMOAS 10.2.xx.xx
  ip address 10.2.xx.xx
probe icmp ICMP-PROBE-0170
  description PROBE FOR 10.2.xx.xx0170
  ip address 10.2.xx.xx
probe icmp ICMP-PROBE-10.2.xx.xx171
  description ICMP PROBE FOR 10.2.xx.xx0171 10.2.xx.xx
  ip address 10.2.xx.xx

rserver host ofmoas01
  ip address 10.2.xx.xx
  conn-limit max 4000000 min 4000000
  probe ICMP-PROBE-OFM-SERVERS
  inservice
rserver host ofmoas02
  ip address 10.2.xx.xx
  conn-limit max 4000000 min 4000000
  probe ICMP-PROBE-OFM-103.161
  inservice
rserver host ofmoas03
  ip address 10.2.xx.xx
  conn-limit max 4000000 min 4000000
  probe ICMP-PROBE-OFMOAS-162
  inservice
rserver host ofmoas04
  description GSB1 datase instance for ORACLE FORMS INB APP
  ip address 10.2.xx.xx
  conn-limit max 4000000 min 4000000
  probe ICMP-PROBE-OFM-163
  inservice
rserver host spwfe01.admin.index.ca
  description Share point server
  ip address 10.2.100.15
  conn-limit max 4000000 min 4000000
  inservice
rserver host spwfe02.admin.index.ca
  description  Sharepoint Server
  ip address 10.2.100.16
  conn-limit max 4000000 min 4000000
  inservice
rserver host spwfe03.admin.index.ca
  description rrie Share Point Server
  ip address 10.2.100.17
  conn-limit max 4000000 min 4000000
  inservice
rserver host 10.2.xx.xx0170.index.ca
  description OLD TOUCHNET SERVER
  ip address 10.2.100.121
  conn-limit max 4000000 min 4000000
  probe ICMP-PROBE-10.2.xx.xx0170
  inservice
rserver host 10.2.xx.xx0171.index.ca
  description OLD TOUCHNET SERVER 2
  ip address 10.2.xx.xx
  conn-limit max 4000000 min 4000000
  probe ICMP-PROBE-10.2.xx.xx171
  inservice
rserver host tsssbinb01.index.ca
  ip address 10.2.100.46
  conn-limit max 4000000 min 4000000
  inservice

serverfarm host SharePoint-ServerFarm
  description Sharepoint Server Farm
  innd-health check count
  rserver ofmoas01 80
    inservice standby
  rserver ofmoas02 80
    inservice standby
  rserver ofmoas03 80
    inservice standby
  rserver spwfe01.admin.index.ca 80
    ckup-rserver ofmoas02 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver spwfe02.admin.index.ca 80
    ckup-rserver ofmoas03 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver spwfe03.admin.index.ca 80
    ckup-rserver ofmoas01 80
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host TEST
  predictor hash url
  rserver ofmoas01 8888
    conn-limit max 4000000 min 4000000
    inservice
  rserver ofmoas02 8888
    conn-limit max 4000000 min 4000000
    inservice
  rserver ofmoas04 7778
    conn-limit max 4000000 min 4000000
    inservice
serverfarm redirect inb-redirect-gsb4-series-serverfarm
  description GSB-4 REDIRECTION SERVERFARMS THIS IS FOR GSB4 REDIRECTION
serverfarm host inb-weblogic
  description JAVA SED ORACLE APPLICATION
  rserver ofmoas01 7778
    inservice
  rserver ofmoas02 7778
    inservice
serverfarm host inb-weblogic-gsb1
  description Serverfarm for inb app GSB1 datase instance
  rserver ofmoas04 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-gsb2
  description Serverfarm for inb app GSB2 datase instance
  rserver ofmoas04 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-gsb3
  description Serverfarm for inb app GSB3 datase instance
  rserver ofmoas04 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-gsb4
  description Serverfarm for inb app GSB4 datase instance
  rserver ofmoas04 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-gsb5
  description Serverfarm for inb app GSB5 datase instance
  rserver ofmoas04 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-gsb6
  description Serverfarm for inb app GSB6 datase instance
  rserver ofmoas04 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-upg1
  description Serverfarm for inb app UPG-1 datase instance
  rserver ofmoas03 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host inb-weblogic-upg2
  description Serverfarm for inb app UPG-2 datase instance
  rserver ofmoas03 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host sis-ssb-tnscommerce-Serverfarm-4445
  description tns commerce touchnet server farms
  rserver tsssbinb01.index.ca 7777
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-gsb1-serverfarm
  description weblogic SSB GSB1 Serverfarm for 9010
  rserver ofmoas04 9010
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-gsb2-Serverfarm
  description server farm for gsb 2 9020
  rserver ofmoas04 9020
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-gsb3-serverfarm
  description server farm gsb3 9030
  rserver ofmoas04 9030
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-gsb4-serverfarm
  description Server farm for gsb4 9040
  rserver ofmoas04 9040
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-gsb5-serverfarm
  description server farm gsb5 9050
  rserver ofmoas04 9050
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-gsb6-serverfarm
  description server farm gsb6 9060
  rserver ofmoas04 9060
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-touchnet-4443
  description Serverfarm for ssb touchnet 31000
  rserver 10.2.xx.xx0170.index.ca 31000
    conn-limit max 4000000 min 4000000
    inservice
  rserver 10.2.xx.xx0171.index.ca 31000
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-touchnet-4444
  description Serverfarm for ssb touchnet
  rserver 10.2.xx.xx0170.index.ca 32000
    conn-limit max 4000000 min 4000000
    inservice
  rserver 10.2.xx.xx0171.index.ca 32000
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-web-cookie
  description for web sed and cookie
  predictor leastconns
  rserver ofmoas01
    inservice
  rserver ofmoas02
    inservice
serverfarm host ssb-weblogic
  description WEB SED ORACLE APPLICATION
  rserver ofmoas01 8888
    conn-limit max 4000000 min 4000000
    inservice
  rserver ofmoas02 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host ssb-weblogic-old
  description OLD SERVERS
  rserver 10.2.xx.xx0170.index.ca 8888
    conn-limit max 4000000 min 4000000
    inservice
  rserver 10.2.xx.xx0171.index.ca 8888
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host tsssbinb-ServerFarm-443
  rserver tsssbinb01.index.ca 12004
    conn-limit max 4000000 min 4000000
    inservice

parameter-map type http inb-parsing-http
  persistence-relance
  length-exceed continue
  parsing non-strict
  set secondary-cookie-start none
parameter-map type generic ssb-gsb1
  case-insensitive
parameter-map type http ssb-http-GSB1-Parsing
  persistence-relance
  length-exceed continue
  parsing non-strict
  set secondary-cookie-delimiters /&
parameter-map type http ssb-http-url-parsing
  persistence-relance
  length-exceed continue
  parsing non-strict
  set secondary-cookie-delimiters /&=
parameter-map type ssl ssb-rehandshake
  rehandshake enabled

sticky http-cookie cookie ssb-cookie
  cookie insert browser-expire
  serverfarm ssb-weblogic
  timeout 12
sticky ssl ssb-ssl-sticky
  response sticky
  serverfarm ssb-weblogic
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-group1
  serverfarm ssb-weblogic
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group
  serverfarm inb-weblogic
  timeout 1
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-gsb1
  serverfarm inb-weblogic-gsb2
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-gsb2
  serverfarm inb-weblogic-gsb2
  timeout 1
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-gsb3
  serverfarm inb-weblogic-gsb3
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-gsb4
  serverfarm inb-weblogic-gsb4
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-gsb5
  serverfarm inb-weblogic-gsb5
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-gsb6
  serverfarm inb-weblogic-gsb6
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-upg1
  serverfarm inb-weblogic-upg1
  timeout 12
  replicate sticky
sticky ip-netmask 255.255.255.255 address source inb-group-upg2
  serverfarm inb-weblogic-upg2
  timeout 12
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-touchnet4444-sticky-group
  serverfarm ssb-touchnet-4444
  timeout 1
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-touchnet4443-sticky-group
  serverfarm ssb-touchnet-4443
  timeout 1
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-group-gsb2
  serverfarm ssb-gsb2-Serverfarm
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-group-gsb1
  serverfarm ssb-gsb1-serverfarm
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-group-OLD-servers
  serverfarm ssb-weblogic-old
  timeout 1
  replicate sticky
sticky ip-netmask 255.255.255.255 address source ssb-group-gsb3
  serverfarm ssb-gsb3-serverfarm
  timeout 1
  timeout activeconns
  replicate sticky
sticky ip-netmask 255.255.255.255 address source sis-ssb-tnscommerce4445-group
  serverfarm sis-ssb-tnscommerce-Serverfarm-4445
  timeout 12
  replicate sticky
sticky ip-netmask 255.255.255.255 address source tssbinb-group-sticky
  timeout 1
  replicate sticky

ssl-proxy service inb-java-ssl-crt
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-gsb1
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-gsb2
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-gsb3
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-gsb4
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-gsb5
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-gsb6
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-upg1
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service inb-java-ssl-crt-upg2
  key sis-inb-2012.key
  cert sis-inb-2012.crt
ssl-proxy service ssb-web-ssl-crt
  key sis-ssb-2012.key
  cert sis-ssb-2012.crt

class-map type http loadlance match-all inb-ssl-L7-class
  2 match http url /forms/frmservlet?config=geor
class-map type http loadlance match-all inb-ssl-L7-class-gsb1
  2 match http url /forms/frmservlet?config=gsb.*
class-map type http loadlance match-all inb-ssl-L7-class-gsb2
  2 match http url /forms/frmservlet?config=gsb.*
class-map type http loadlance match-all inb-ssl-L7-class-gsb3
  2 match http url https://sis-inb.index.ca/forms/frmservlet?config=gsb3
class-map type http loadlance match-all inb-ssl-L7-class-gsb4
  2 match http url https://sis-inb.index.ca/forms/frmservlet?config=gsb4
class-map type http loadlance match-all inb-ssl-L7-class-gsb5
  2 match http url https://sis-inb.index.ca/forms/frmservlet?config=gsb5
class-map type http loadlance match-all inb-ssl-L7-class-gsb6
  2 match http url https://sis-inb.index.ca/forms/frmservlet?config=gsb6
class-map type http loadlance match-all inb-ssl-L7-class-upg1
  2 match http url /
class-map type http loadlance match-all inb-ssl-L7-class-upg2
  2 match http url /forms/frmservlet
class-map type management match-any mgmt-cm
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
class-map match-all sis-inb.index.ca
  2 match virtual-address 10.2.xx.xx tcp eq https
class-map match-all sis-inb.index.ca.GSB1
  2 match virtual-address 10.2.100.132 tcp eq 1630
class-map match-all sis-inb.index.ca.GSB2
  2 match virtual-address 10.2.100.132 tcp eq https
class-map match-all sis-inb.index.ca.GSB3
  2 match virtual-address 10.2.100.132 tcp eq 1633
class-map match-all sis-inb.index.ca.GSB4
  2 match virtual-address 10.2.100.132 tcp eq 1634
class-map match-all sis-inb.index.ca.GSB5
  2 match virtual-address 10.2.100.132 tcp eq 1635
class-map match-all sis-inb.index.ca.GSB6
  2 match virtual-address 10.2.100.132 tcp eq 1636
class-map match-all sis-inb.index.ca.upg1
  2 match virtual-address 10.2.100.132 tcp eq 1731
class-map match-all sis-inb.index.ca.upg2
  2 match virtual-address 10.2.100.132 tcp eq 1732
class-map type http loadlance match-all sis-ssb-tnscommerce4445-L7-Loadlance
  2 match http url /
class-map match-all sis-ssb.index.ca
  description SSB APPLICATIONS ON WEB
  2 match virtual-address 10.2.xx.xx tcp eq https
class-map match-all sis-ssb.index.ca.4445
  2 match virtual-address 10.2.xx.xx tcp eq 4445
class-map match-all sis-ssb.index.ca.GSB1
  2 match virtual-address 10.2.xx.xx tcp eq https
class-map match-all sis-ssb.index.ca.touchnet4443
  2 match virtual-address 10.2.xx.xx 255.255.255.0 tcp eq 4443
class-map match-all sis-ssb.index.ca.touchnet4444
  2 match virtual-address 10.2.xx.xx 255.255.255.0 tcp eq 4444
class-map type http loadlance match-all ssb-ssl-L7-class
  2 match http url /geor/twbkwbis.P_GenMenu?name=homepage
class-map type http loadlance match-all ssb-ssl-gsb1-L7-loadlance
  2 match http url /GSB1/twbkwbis.P_GenMenu
class-map type http loadlance match-all ssb-ssl-gsb2-L7-loadlance
  2 match http url /gsb2/twbkwbis.P_GenMenu
class-map type http loadlance match-all ssb-ssl-gsb3-L7-Loadlance
  2 match http url /gsb3/twbkwbis.P_GenMenu
class-map type http loadlance match-all ssb-touchnet4443-L7class
  2 match http url /
class-map type http loadlance match-all ssb-touchnet4444-L7class
  2 match http url /
class-map match-all tssbinb-virtual-server-443
  2 match virtual-address 10.2.xx.xx tcp eq https
class-map match-all tsssbinb-12004-class
  2 match virtual-address 10.2.xx.xx tcp eq https
class-map match-all tsssbinb-virtual-server-443-L34
  2 match port tcp eq 12004
class-map type http loadlance match-all tsssbinb00-ssl-class
  2 match http url /

policy-map type management first-match remote_mgmt_allow_policy
  class mgmt-cm
    permit

policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match
  class inb-ssl-L7-class
    sticky-serverfarm inb-group
  class inb-ssl-L7-class-gsb1
    sticky-serverfarm inb-group-gsb1
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-gsb1
  class inb-ssl-L7-class-gsb1
    sticky-serverfarm inb-group-gsb1
  class class-default
    sticky-serverfarm inb-group-gsb1
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-gsb2
  class class-default
    sticky-serverfarm inb-group-gsb2
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-gsb3
  class inb-ssl-L7-class-gsb3
    sticky-serverfarm inb-group-gsb3
  class class-default
    sticky-serverfarm inb-group-gsb3
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-gsb4
  class inb-ssl-L7-class-gsb4
    sticky-serverfarm inb-group-gsb4
  class class-default
    sticky-serverfarm inb-group-gsb4
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-gsb5
  class inb-ssl-L7-class-gsb5
    sticky-serverfarm inb-group-gsb5
  class class-default
    sticky-serverfarm inb-group-gsb5
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-gsb6
  class inb-ssl-L7-class-gsb6
    sticky-serverfarm inb-group-gsb6
  class class-default
    sticky-serverfarm inb-group-gsb6
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-upg1
  class inb-ssl-L7-class-upg1
    sticky-serverfarm inb-group-upg1
  class class-default
    sticky-serverfarm inb-group-upg1
policy-map type loadlance first-match inb-Policy-Loadlance-1st-Match-upg2
  class inb-ssl-L7-class-upg2
    sticky-serverfarm inb-group-upg2
  class class-default
    sticky-serverfarm inb-group-upg2
policy-map type loadlance first-match sis-ssb-tnscomerce4445-Policy-Loadlance-1st-Match
  class sis-ssb-tnscommerce4445-L7-Loadlance
    sticky-serverfarm sis-ssb-tnscommerce4445-group
  class class-default
    sticky-serverfarm sis-ssb-tnscommerce4445-group
policy-map type loadlance first-match sis-ssb.index.ca.GSB1-l7slb
  class class-default
    sticky-serverfarm ssb-group-gsb1
policy-map type loadlance first-match ssb-Policy-Loadlance-1st-Match
  class ssb-ssl-L7-class
    sticky-serverfarm ssb-group-OLD-servers
  class class-default
    sticky-serverfarm ssb-group-OLD-servers
policy-map type loadlance first-match ssb-Policy-Loadlance-1st-Match-gsb1
  class ssb-ssl-gsb1-L7-loadlance
    sticky-serverfarm ssb-group-OLD-servers
  class class-default
    sticky-serverfarm ssb-group-OLD-servers
policy-map type loadlance first-match ssb-touchnet4443-Policy-loadlance-1st-Match
  class ssb-touchnet4443-L7class
    serverfarm ssb-touchnet-4443
  class class-default
    sticky-serverfarm ssb-touchnet4443-sticky-group
policy-map type loadlance first-match ssb-touchnet4444-Policy-loadlance-1st-Match
  class ssb-touchnet4444-L7class
    serverfarm ssb-touchnet-4444
  class class-default
    sticky-serverfarm ssb-touchnet4444-sticky-group
policy-map type loadlance first-match tssbinb-virtual-server-443-l7slb
  class tsssbinb00-ssl-class
    sticky-serverfarm tssbinb-group-sticky
  class class-default
    serverfarm tsssbinb-ServerFarm-443

policy-map multi-match glol
  class tssbinb-virtual-server-443
    loadlance vip inservice
    loadlance policy tssbinb-virtual-server-443-l7slb
    nat dynamic 3 vlan 415
policy-map multi-match inb-Policy-MultiMatch-Web
  class sis-inb.index.ca
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match
    loadlance vip icmp-reply
    nat dynamic 1 vlan 18
    appl-parameter http advanced-options inb-parsing-http
    ssl-proxy server inb-java-ssl-crt
policy-map multi-match inb-Policy-MultiMatch-gsb1
  class sis-inb.index.ca.GSB1
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-gsb1
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    appl-parameter http advanced-options inb-parsing-http
    ssl-proxy server inb-java-ssl-crt-gsb1
policy-map multi-match inb-Policy-MultiMatch-gsb2
  class sis-inb.index.ca.GSB2
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-gsb2
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    appl-parameter http advanced-options inb-parsing-http
    ssl-proxy server inb-java-ssl-crt-gsb2
policy-map multi-match inb-Policy-MultiMatch-gsb3
  class sis-inb.index.ca.GSB3
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-gsb3
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    ssl-proxy server inb-java-ssl-crt-gsb3
policy-map multi-match inb-Policy-MultiMatch-gsb4
  class sis-inb.index.ca.GSB4
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-gsb4
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    ssl-proxy server inb-java-ssl-crt-gsb4
policy-map multi-match inb-Policy-MultiMatch-gsb5
  class sis-inb.index.ca.GSB5
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-gsb5
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    ssl-proxy server inb-java-ssl-crt-gsb5
policy-map multi-match inb-Policy-MultiMatch-gsb6
  class sis-inb.index.ca.GSB6
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-gsb6
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    ssl-proxy server inb-java-ssl-crt-gsb6
policy-map multi-match inb-Policy-MultiMatch-upg1
  class sis-inb.index.ca.upg1
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-upg1
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    ssl-proxy server inb-java-ssl-crt-upg1
policy-map multi-match inb-Policy-MultiMatch-upg2
  class sis-inb.index.ca.upg2
    loadlance vip inservice
    loadlance policy inb-Policy-Loadlance-1st-Match-upg2
    loadlance vip icmp-reply
    nat dynamic 2 vlan 18
    ssl-proxy server inb-java-ssl-crt-upg2
policy-map multi-match sis-ssb-tnscomerce4445-multimatch
  class sis-ssb.index.ca.4445
    loadlance vip inservice
    loadlance policy sis-ssb-tnscomerce4445-Policy-Loadlance-1st-Match
    loadlance vip icmp-reply
    nat dynamic 3 vlan 415
policy-map multi-match ssb-Policy-MultiMatch-Web
  class sis-ssb.index.ca
    loadlance vip inservice
    loadlance policy ssb-Policy-Loadlance-1st-Match
    loadlance vip icmp-reply
    nat dynamic 3 vlan 415
    appl-parameter http advanced-options ssb-http-url-parsing
    ssl-proxy server ssb-web-ssl-crt
policy-map multi-match ssb-Policy-MultiMatch-Web-gsb1
  class sis-ssb.index.ca.GSB1
    loadlance vip inservice
    loadlance policy ssb-Policy-Loadlance-1st-Match-gsb1
    loadlance vip icmp-reply
    nat dynamic 1 vlan 18
    appl-parameter http advanced-options ssb-http-url-parsing
    ssl-proxy server ssb-web-ssl-crt
policy-map multi-match ssb-touchnet4443-multimatch
  class sis-ssb.index.ca.touchnet4443
    loadlance vip inservice
    loadlance policy ssb-touchnet4443-Policy-loadlance-1st-Match
    loadlance vip icmp-reply
    nat dynamic 3 vlan 415
policy-map multi-match ssb-touchnet4444-multimatch
  class sis-ssb.index.ca.touchnet4444
    loadlance vip inservice
    loadlance policy ssb-touchnet4444-Policy-loadlance-1st-Match
    loadlance vip icmp-reply
    nat dynamic 3 vlan 415
policy-map multi-match tsssbinb-Multimatch
  class tssbinb-virtual-server-443
    loadlance vip inservice
    loadlance policy tssbinb-virtual-server-443-l7slb
    nat dynamic 3 vlan 415
    ssl-proxy server ssb-web-ssl-crt

service-policy input glol

interface vlan 16
  mac-sticky enable
  access-group input ALL
  access-group output ALL
  no shutdown
interface vlan 18
  description ofmoas01 & 02 Server Traffic
  ip address 10.2.xx.xx 255.255.255.0
  peer ip address 10.2.103.235 255.255.255.0
  access-group input www
  nat-pool 2 10.2.xx.xx 10.2.xx.xx netmask 255.255.255.255 pat
  nat-pool 1 10.2.xx.xx 10.2.xx.xx netmask 255.255.255.255 pat
  service-policy input remote_mgmt_allow_policy
  no shutdown
interface vlan 415
  ip address 10.2.xx.xx 255.255.255.0
  peer ip address 10.2.xx.xx 255.255.255.0
  syn-cookie 10000
  mac-sticky enable
  access-group input sticky
  nat-pool 3 10.2.xx.xx 10.2.xx.xx netmask 255.255.255.255 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input ssb-Policy-MultiMatch-Web
  service-policy input ssb-touchnet4444-multimatch
  service-policy input ssb-touchnet4443-multimatch
  service-policy input ssb-Policy-MultiMatch-Web-gsb1
  service-policy input sis-ssb-tnscomerce4445-multimatch
  service-policy input inb-Policy-MultiMatch-Web
  no shutdown
interface vlan 1000
  ip address 192.168.5.205 255.255.255.0
  peer ip address 192.168.5.206 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown

interface bvi 18
  no shutdown

ft interface vlan 416
  ip address 10.255.255.253 255.255.255.252
  peer ip address 10.255.255.254 255.255.255.252
  no shutdown

ft peer 1
  heartbeat interval 200
  heartbeat count 10
  ft-interface vlan 416
  query-interface vlan 1000
ft group 1
  peer 1
  priority 200
  peer priority 150
  associate-context Admin
  inservice

ft track interface oafm-tracking-vlan1000
  track-interface vlan 1000
  peer track-interface vlan 1000
  priority 200
  peer priority 150