Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
909
Views
0
Helpful
5
Replies

HTTP Get healthprobe with AD user authentication

Matthew.bennett
Level 1
Level 1

‎05-17-2011 08:27 AM

Hi,

I'm throwing this one out there to the ACE module Load-balancing experts!

how do I configure a request method get url for google.co.uk so that it authenticates a healthprobe AD user with a Bluecoat proxy appliance?

The objective here is to have a probe run a http get to google to test our bluecoat proxy appliance and then failover to another real server (or bluecoat appliance)

Thanks

Labels:
0 Helpful
5 Replies 5

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎05-19-2011 03:30 AM

Hi Matthew,

This would partially depend on the authentication type defined on your Bluecoat proxy.

For most of the setups, it should be enough to configure the credentials to be used under the probe parameters with the "(config-probe-http)# credentials " command.

If this doesn't work, you may also try inserting an authentication header inside the request. Again configured under the probe parameters.

For more details on the available options, please refer to http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1031398

Regards

Daniel

0 Helpful

Matthew.bennett
Level 1
Level 1
In response to Daniel Arrondo Ostiz

‎05-19-2011 04:05 AM

Hi Daniel,

Actually becuse the GET will come from the vlan addresses on the ACE rather than the VIP used for client connections, we can allow access to google for those addresses unauthenticated!

thanks for your help in any case

0 Helpful

Matthew.bennett
Level 1
Level 1
In response to Matthew.bennett

‎05-24-2011 01:37 AM

Hi Daniel,

I don't know why, but i thought this was working...turns out i was wrong.

The issue I have is that this probe is for a socks connection. So usually I just use a probe on TCP port 1080 to our sock gateway. However, i am trying to perform a GET to google.co.uk on the same port/protocol. This is failing. I'm assuming this is probably related to socks user/password which is version 5.

Can i use the user and password in the probe configuration to authenticate with socks gateway?

many thanks for your help in this matter!

Matthew

0 Helpful

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee
In response to Matthew.bennett

‎05-24-2011 02:04 AM

Hi Matthew,

I have to admit I'm not 100% sure, but I don't think SOCKS5 authentication is supported for ACE probes.

If it's not possible to use different authentication mechanisms or allow the ACE IP to go out unauthenticated (as you were suggesting), then, another alternative you may consider is creating a TCL script. You can find more details on the TCL probe scripts on ACE at http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/script.html

Regards

Daniel

0 Helpful

Matthew.bennett
Level 1
Level 1
In response to Daniel Arrondo Ostiz

‎05-24-2011 02:16 AM

I think that just purely from a security perspective, we will have to use authentication as the traffic traverses our internal firewal clu

ster.

Thanks for your help and I'll update you on my TCL scripting research and design!

kind regards

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card