cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1171
Views
0
Helpful
0
Replies
Highlighted

RPC traffic - windows scale factor not support - exchange 2012 with ACE 4710

hi

i've problem with RPC user connection to exchange 2012 vip using ACE 4710

randomly packet comming from user always sent to port 443 and it rejected by server when it didn't have authorization for 443 access

error message on netmon server said that scale factore not supported

what should i check ?

access-list INBOUND line 8 extended permit ip any any

probe tcp 993

  description WLMaccess

  port 993

  interval 30

  connection term forced

probe icmp ICMP_PROBE

  interval 10

  passdetect interval 10

  receive 5

probe tcp TCP135

  description RPC Endpoint Mapper

  port 135

  interval 30

  faildetect 2

  passdetect interval 10

  connection term forced

probe tcp TCP25

  description SMTP

  port 25

  interval 30

  connection term forced

probe tcp TCP3268

  description Directory

  port 3268

  interval 30

  connection term forced

probe tcp TCP389

  description Directory

  port 389

  interval 30

  connection term forced

probe tcp TCP53

  description Directory

  port 53

  interval 30

  connection term forced

probe tcp TCP587

  description SMTP

  port 587

  interval 30

  connection term forced

probe tcp TCP6001

  description addressbook service

  port 6001

  interval 30

  connection term forced

probe tcp TCP6002

  description addressbook service

  port 6002

  interval 30

  connection term forced

probe tcp TCP6003

  description addressbook service

  port 6003

  interval 30

  connection term forced

probe tcp TCP6004

  description addressbook service

  port 6004

  interval 30

  connection term forced

probe tcp TCP88

  description Directory

  port 88

  interval 30

  connection term forced

probe udp UDP389

  description Directory

  port 389

  interval 30

probe udp UDP53

  description Directory

  port 53

  interval 30

probe udp UDP88

  description Directory

  port 88

  interval 30

probe tcp imap

  port 143

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe tcp imaps

  port 993

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

rserver host RS_AAB-CAS1

  ip address 172.16.83.23

  inservice

rserver host RS_AAB-CAS2

  ip address 172.16.83.24

  inservice

serverfarm host Exchange-CAS-RPC

  failaction reassign

  predictor leastconns

  probe TCP135

  probe TCP25

  probe TCP587

  probe TCP6001

  probe TCP6002

  probe TCP6004

  rserver RS_AAB-CAS1

    weight 15

    inservice

  rserver RS_AAB-CAS2

    weight 15

    inservice

serverfarm host OWA

  failaction reassign

  predictor leastconns

  rserver RS_AAB-CAS1

    weight 12

    inservice

  rserver RS_AAB-CAS2

    weight 12

    inservice

serverfarm host SF_AAB-CAS

  failaction reassign

  predictor leastconns

  probe ICMP_PROBE

  rserver RS_AAB-CAS1

    weight 10

    inservice

  rserver RS_AAB-CAS2

    weight 10

    inservice

parameter-map type generic sslidparam

  set max-parse-length 70

parameter-map type connection windowscale

  set tcp window-scale 14

  tcp-options window-scale allow

sticky ip-netmask 255.255.255.255 address source Exchange-CAS-RPC

  timeout activeconns

  serverfarm Exchange-CAS-RPC

sticky layer4-payload SSL_GROUP

  serverfarm OWA

  response sticky

  layer4-payload offset 43 length 32 begin-pattern "\x20"

class-map match-any Exchange-CAS-RPC

  2 match virtual-address 172.16.83.25 tcp eq 135

  3 match virtual-address 172.16.83.25 tcp range 40722 65535

  4 match virtual-address 172.16.83.25 tcp eq smtp

  5 match virtual-address 172.16.83.25 tcp eq 587

class-map match-all VS_AAB-CAS

  2 match virtual-address 172.16.83.25 any

class-map match-all slb-vip

  3 match virtual-address 172.16.83.25 tcp eq https

policy-map type management first-match mgmt-pm

  class class-default

    permit

policy-map type loadbalance first-match Exchange-CAS-RPC

  class class-default

    sticky-serverfarm Exchange-CAS-RPC

policy-map type loadbalance first-match VS_AAB-CAS-l7slb

  class class-default

    serverfarm SF_AAB-CAS

policy-map type loadbalance generic first-match gppmatch

  class class-default

    sticky-serverfarm SSL_GROUP

policy-map multi-match client-vips

  class slb-vip

    loadbalance vip inservice

    loadbalance policy gppmatch

    loadbalance vip icmp-reply active

    appl-parameter generic advanced-options sslidparam

    connection advanced-options windowscale

  class Exchange-CAS-RPC

    loadbalance vip inservice

    loadbalance policy Exchange-CAS-RPC

    loadbalance vip icmp-reply active

    connection advanced-options windowscale

  class VS_AAB-CAS

    loadbalance vip inservice

    loadbalance policy VS_AAB-CAS-l7slb

    loadbalance vip icmp-reply active

    connection advanced-options windowscale

interface vlan 83

  description VLAN in bridged mode.

  bridge-group 5

  access-group input INBOUND

  service-policy input client-vips 

  service-policy input mgmt-pm

interface vlan 223

  description Server

  bridge-group 5

  access-group input INBOUND

  no shutdown

interface bvi 5

  ip address 172.16.83.8 255.255.255.0

  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.83.248

0 REPLIES 0