03-24-2012 06:23 AM
Hi.
We have an ACE30 (running A5(1.2)) and a couple of Exchange 2010 CAS.
We have little experience in load-balancing, but we found this guide from Cisco: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/Exchange_VSphere_UCS_NetApp.html#wp345264
We have also tried to use the template for Exchange 2010 in ANM. The result seems to be the same:
If we go to the URL for OWA, nothing happens. If we go directly to a CAS (by editing the hosts-file on the client), the same URL is working perfectly.
Here's the config of the ACE-context:
access-list all line 10 extended permit ip any any
access-list all line 20 extended permit icmp any any
probe http http-probe
interval 60
passdetect count 2
request method get url /exchweb/bin/auth/owalogon.asp
expect status 400 404
probe https https-probe
interval 60
passdetect count 2
ssl version all
request method get url /owa/auth/login.aspx
expect status 400 404
rserver host CAS1
ip address 10.10.10.1
probe http-probe
probe https-probe
inservice
rserver host CAS2
ip address 10.10.10.2
probe http-probe
probe https-probe
inservice
rserver redirect SSLREDIRECT
webhost-redirection https://www2.test.com/owa 302
inservice
serverfarm host CAS-FARM
predictor leastconns
rserver CAS1
inservice
rserver CAS2
inservice
serverfarm host CAS-FARM-80
predictor leastconns
rserver CAS1 80
inservice
rserver CAS2 80
inservice
serverfarm redirect SSLREDIRECT
rserver SSLREDIRECT
inservice
sticky ip-netmask 255.255.255.255 address source CAS-IP
replicate sticky
serverfarm CAS-FARM
sticky http-cookie Cookie OWA-STICKY
cookie insert browser-expire
timeout 60
replicate sticky
serverfarm CAS-FARM-80
sticky http-header Authorization CAS-RPC-HTTP
serverfarm CAS-FARM-80
ssl-proxy service OWA
key www2.test.com.pfx
cert www2.test.com.pfx
class-map match-any IMAPI-RPC
2 match virtual-address 10.1.1.1 any
class-map match-all OWA-OUTLOOKANYWHERE-SSL
2 match virtual-address 10.1.1.1 tcp eq https
class-map match-all OWAREDIRECT
2 match virtual-address 10.1.1.1 tcp eq www
policy-map type management first-match mgmt-pm
class class-default
permit
policy-map type loadbalance first-match IMAPI-RPC
class class-default
sticky-serverfarm CAS-IP
policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
sticky-serverfarm CAS-RPC-HTTP
class class-default
sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
class class-default
serverfarm SSLREDIRECT
policy-map multi-match int118
class OWAREDIRECT
loadbalance vip inservice
loadbalance policy SSLREDIRECT
class OWA-OUTLOOKANYWHERE-SSL
loadbalance vip inservice
loadbalance policy OWA-OUTLOOKANYWHERE
loadbalance vip icmp-reply active
nat dynamic 1 vlan 118
ssl-proxy server OWA
class IMAPI-RPC
loadbalance vip inservice
loadbalance policy IMAPI-RPC
nat dynamic 1 vlan 118
interface vlan 118
description to server-side vlan
ip address 172.16.1.2 255.255.255.252
access-group input all
nat-pool 1 10.1.1.2 10.1.1.2 netmask 255.255.255.255 pat
service-policy input int118
service-policy input mgmt-pm
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.1.1
Are there any obvious mistakes in this config?
04-03-2012 03:27 AM
crypto chaingroup www2.test.com
cert digicert_intermediate
access-list all line 10 extended permit ip any any
access-list all line 20 extended permit icmp any any
probe http http-probe
interval 10
faildetect 2
passdetect interval 10
passdetect count 2
request method get url /iisstart.htm
expect status 200 200
rserver host CAS1
ip address 10.10.10.1
probe http-probe
inservice
rserver host CAS2
ip address 10.10.10.2
probe http-probe
inservice
rserver redirect SSLREDIRECT
webhost-redirection https://%h%p 301
inservice
serverfarm host CAS-FARM
predictor leastconns
rserver CAS1
inservice
rserver CAS2
inservice
serverfarm host CAS-FARM-80
predictor leastconns
rserver CAS1 80
inservice
rserver CAS2 80
inservice
serverfarm redirect SSLREDIRECT
rserver SSLREDIRECT
inservice
sticky ip-netmask 255.255.255.255 address source CAS-IP
replicate sticky
serverfarm CAS-FARM-80
sticky http-cookie Cookie OWA-STICKY
cookie insert browser-expire
timeout 60
replicate sticky
serverfarm CAS-FARM-80
sticky http-header Authorization CAS-RPC-HTTP
serverfarm CAS-FARM-80
ssl-proxy service OWA
key www2.test.com.pfx
cert www2.test.com.pfx
chaingroup www2.test.com
class-map match-any IMAPI-RPC
2 match virtual-address 10.1.1.1 any
class-map match-all OWA-OUTLOOKANYWHERE-SSL
2 match virtual-address 10.1.1.1 tcp eq https
class-map match-all OWAREDIRECT
2 match virtual-address 10.1.1.1 tcp eq www
policy-map type loadbalance first-match IMAPI-RPC
class class-default
sticky-serverfarm CAS-IP
policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
sticky-serverfarm CAS-RPC-HTTP
class class-default
sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
class class-default
serverfarm SSLREDIRECT
policy-map multi-match int118
class OWAREDIRECT
loadbalance vip inservice
loadbalance policy SSLREDIRECT
class OWA-OUTLOOKANYWHERE-SSL
loadbalance vip inservice
loadbalance policy OWA-OUTLOOKANYWHERE
nat dynamic 1 vlan 118
ssl-proxy server OWA
class IMAPI-RPC
loadbalance vip inservice
loadbalance policy IMAPI-RPC
loadbalance vip icmp-reply active
nat dynamic 1 vlan 118
interface vlan 118
description to server-side vlan
ip address 172.16.1.2 255.255.255.252
access-group input all
nat-pool 1 10.1.1.1 10.1.1.1 netmask 255.255.255.255 pat
service-policy input int118
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.1.1
snmp-server community IntiliReaD group Network-Monitor
We finally got it working. Above is the config as it is right now. The main difference is the URL for redirection. With Cisco's example, we got caught in a redirection loop.
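An added example, not part of the original posts: a stanza-level comparison of abridged excerpts of the two configs posted above, which surfaces the redirect URL change the second post mentions together with the probe and sticky-group changes. The `HEADER` pattern and the function names are assumptions made for this sketch and cover only stanza types seen in this thread.

```python
import re

# Stanza headers as they appear in the two posted configs. The posted text has
# no indentation, so headers are recognised by shape (assumption of this sketch).
HEADER = re.compile(
    r"^(probe \S+ \S+|rserver (host|redirect) \S+|serverfarm (host|redirect) \S+"
    r"|sticky \S+ .+|class-map \S+ \S+|policy-map .+|ssl-proxy service \S+)$")

def parse(text):
    """Return {stanza header: [sub-commands]} for a flat ACE config excerpt."""
    stanzas, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if HEADER.match(line):
            current = stanzas.setdefault(line, [])
        elif line and current is not None:
            current.append(line)
    return stanzas

def diff(old_text, new_text):
    """Return {header: (removed, added)} for stanzas whose contents changed."""
    old, new = parse(old_text), parse(new_text)
    changes = {}
    for header in sorted(set(old) | set(new)):
        before, after = old.get(header, []), new.get(header, [])
        removed = [c for c in before if c not in after]
        added = [c for c in after if c not in before]
        if removed or added:
            changes[header] = (removed, added)
    return changes

# Abridged excerpts of the first (03-24) and second (04-03) posted configs.
OLD = """probe http http-probe
request method get url /exchweb/bin/auth/owalogon.asp
expect status 400 404
rserver redirect SSLREDIRECT
webhost-redirection https://www2.test.com/owa 302
sticky ip-netmask 255.255.255.255 address source CAS-IP
serverfarm CAS-FARM"""
NEW = """probe http http-probe
request method get url /iisstart.htm
expect status 200 200
rserver redirect SSLREDIRECT
webhost-redirection https://%h%p 301
sticky ip-netmask 255.255.255.255 address source CAS-IP
serverfarm CAS-FARM-80"""

if __name__ == "__main__":
    for header, (removed, added) in diff(OLD, NEW).items():
        print(header, *("- " + r for r in removed), *("+ " + a for a in added), sep="\n  ")
```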