03-13-2013 07:38 PM
Hi guys,
I am having some trouble with this config. All i am looking to do is a simple reverse proxy to this one host. When the page comes up it prompts me to download a bin file.... Probe succeeds and it says its working. I would also like to redirect to /spend What am i missing?
PA-ACE-4700-SLB/Spend-Support# show run
Generating configuration....
crypto chaingroup SPEND-CHAINGROUP
cert AddTrustExternalCARoot.crt
cert COMODOHigh-AssuranceSecureServerCA.crt
access-list allow line 8 extended permit ip any any
probe tcp HTTPS_PROBE
port 443
interval 5
passdetect interval 5
receive 3
connection term forced
open 2
probe tcp TCP8005_PROBE
port 8005
interval 5
passdetect interval 5
receive 3
connection term forced
open 2
rserver host Spend
ip address 10.0.10.22
inservice
serverfarm host SPEND
probe HTTPS_PROBE
rserver Spend 443
inservice
ssl-proxy service SPEND-SSLPROXY
key ProdKEYPAIR.PEM
cert WWW-PROD-CERT.crt
chaingroup SPEND-CHAINGROUP
class-map type http loadbalance match-any L5
2 match http url /.*
class-map match-all SPEND-CLASS
2 match virtual-address 10.0.1.110 tcp eq https
policy-map type loadbalance first-match HTTPS
class L5
serverfarm SPEND
policy-map multi-match SPEND-SLB
class SPEND-CLASS
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
nat dynamic 1 vlan 1000
ssl-proxy server SPEND-SSLPROXY
interface vlan 1000
ip address 10.0.1.109 255.255.255.0
access-group input allow
nat-pool 1 10.0.1.110 10.0.1.110 netmask 255.255.255.255 pat
service-policy input SPEND-SLB
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.1.8
Thanks!
-Andy
Solved! Go to Solution.
03-14-2013 09:26 PM
Hey Andy what´s up?
Ok, Could you explain a little bit what seems to be the issue which you got or what you want to accomplish here?
You said, you are typing: https://10.0.1.110 and it should show the content of 10.0.10.22 but it is not or you are typing
https://10.0.1.110/spend and you expect the ACE magicly know what to do?
Could you specify a little bit?
If you are trying to do the following:
then you may try something like:
class-map type http loadbalance match-any spend
2 match http url /spend
policy-map type loadbalance first-match HTTPS
class spend
serverfarm SPEND
class L5
serverfarm serverfarm-for-others
Please specify what you are looking for.
Jorge
03-14-2013 01:26 AM
Hi Andy,
Can you check the "show conn address
-
Siva
03-14-2013 08:34 AM
Hi Sivaksiv,
when i go directly to https://10.0.10.22 it works correctly. However when i hit the VIP it does not. I am assuming you want me to enter this command? show conn address 10.0.10.22 netmask 255.255.255.0 ?
Thanks,
-Andy
03-14-2013 09:26 PM
Hey Andy what´s up?
Ok, Could you explain a little bit what seems to be the issue which you got or what you want to accomplish here?
You said, you are typing: https://10.0.1.110 and it should show the content of 10.0.10.22 but it is not or you are typing
https://10.0.1.110/spend and you expect the ACE magicly know what to do?
Could you specify a little bit?
If you are trying to do the following:
then you may try something like:
class-map type http loadbalance match-any spend
2 match http url /spend
policy-map type loadbalance first-match HTTPS
class spend
serverfarm SPEND
class L5
serverfarm serverfarm-for-others
Please specify what you are looking for.
Jorge
03-15-2013 07:02 AM
Hi Guys,
I ended up figuring it out. The port i was using for the serverfarm was wrong (I was given some bad info.) i used your instructions Jorge and it worked like a charm.
Thanks!
03-15-2013 07:04 AM
Andy,
It sounds good!
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide