Solved: Enable XML-HTTPS protocol in ACE

kevin.keo · ‎03-09-2011

I'm configuring ACE to enable the XML-HTTPS interface so I can import it into ANM, when I try to do a "match protocol xml-https any", I get a invalid command detected. When I tab at the match protocol command, I don't see xml-https listed (http, https, icmp, etc. is listed). Am I missing something here?

venkatkr · ‎03-13-2011

Hi Kevin,

This is a very common confusion customers face. The issue is the difference between an ACE appliance -4710 vs a ACE module.

In Ace appliance you have an option to do XML-HTTPS which needs to be opened up to make the ANM import successful. However if you are not finding "xml-https" as an option then you are using a ACE module in which case all you need to enable is HTTPS to import the module to the ANM.

Now the obvious questions is why the difference.

The ACE Appliance has a webGUI which works on HTTPS. So we cannot use that for XML and because of this we needed to come up with a non standary port (10443) called xml-https so that its can be used to integrate with ANM.

ACE module does not have a gui listening on 443 so we can very well use that port for XML.

Hope this answers your questions. If so, please mark it Answered and rate it accordingly.

If you have any follow up questions, feel free to contact me.

Regards

VK

View solution in original post

venkatkr · ‎03-13-2011

Hi Kevin,

This is a very common confusion customers face. The issue is the difference between an ACE appliance -4710 vs a ACE module.

In Ace appliance you have an option to do XML-HTTPS which needs to be opened up to make the ANM import successful. However if you are not finding "xml-https" as an option then you are using a ACE module in which case all you need to enable is HTTPS to import the module to the ANM.

Now the obvious questions is why the difference.

The ACE Appliance has a webGUI which works on HTTPS. So we cannot use that for XML and because of this we needed to come up with a non standary port (10443) called xml-https so that its can be used to integrate with ANM.

ACE module does not have a gui listening on 443 so we can very well use that port for XML.

Hope this answers your questions. If so, please mark it Answered and rate it accordingly.

If you have any follow up questions, feel free to contact me.

Regards

VK

benediktsv · ‎10-05-2011

Ok - I just found this "answer"

I'm using an ACE10 and we have a demo ANM installed.

We are trying to import an ACE10 - but chosing the ACE 4710 as the device type in the ANM. And yes, it fails. (I can only chose ACE4710, IOS, GSS,CSS)

Our ACE10 is answering on port 443 - with the XML interface. We get an certficicate failure when we log into, but we can manually d/l the XML file.

I can however with a sniffer see that the ANM is trying on port 10443 - and our ACE10 module is not listening there.

So - what is the solution?

is the ACE10 supported by the ANM software (I can see no reference in either direction)

Can you chose the port the HTTPS service is listening to ?

Update:

Jumped the gun, the solution is that the 6500 chassis has to be added and the ACE module selected from that device

Benedikt