Not bieng able to see Http or HTTPS traffic

AndyGB5150 · ‎01-25-2011

Morning or Evening.

I hope you can help me.

At the moment I can ping from a cisco ace 4710 two Web Servers and the rest of the infrastructure as shown below

At present the sticky sessions and ssl isn't really too much of a concern but I would like to see HTTP or HTTPS traffic running though the ACE 4710.

Ping from the Ace is successfull as it can ping AD servers, Database Servers, etc..

Show conn only shows that the HA links are connected but nothing else.

Show arp shows that ever thing is up from the Real Server,VIP addresses, H/A IP's and also a couple of vlans on a core switch.

I think the problem maybe due to the class-map and possibly a policy map that's not applied to the Virtual IP's

Thanks again

AndyGB5150 · ‎01-25-2011

The attatched is a current VIP status.

Thanks again

Marko Leopold · ‎01-25-2011

I would guess about a direct-server-return, but without your configuration it will be all just guessing.

AndyGB5150 · ‎01-25-2011

Thanks for the reply.

Config attatched

Marko Leopold · ‎01-25-2011

At first you should put your access-list on all your interfaces. The ACE is acting like a firewall. Then you should enable logging. The ACE is very good in telling you why something blocked or not.

AndyGB5150 · ‎01-25-2011

Thanks for the reply.

I take it adding an access-list would be the same as a normal switch ???

Daft question but I had to ask

Marko Leopold · ‎01-25-2011

on VLAN 200 you have the command

access-group input ALL

you should add this to VLAN 210 and 220 too. By default ACE is blocking all incoming traffic.