I am trying to set up SSL stickiness using the session ID in a one-arm configuration mode and cannot access the website via the VIP. I can browse to both servers directly. The ACE is connected to a Cat 6500 via a 4 gigabit ethernet port-channel, and only the management and one-arm context VLAN are trunked down the port-channel. From the OneArm Mode context I am able to ping the MSFC (VLAN980) default gateway and both rservers. The rservers, Server Farm and Service Policy are all showing as in service. I am also able to ping the VIP from any device on the network. The incoming connection is established and NAT appears to take place, although the return session is reported as INIT. I have posted the configuration below and was hoping someone could make a few suggestions. One of the things I noticed is that on the MSFC the NAT address isn't in the ARP table, although it's showing on the ACE.

logging enable
logging buffered 7

access-list everyone line 1 extended permit ip any any

script file name SSL_PROBE_SCRIPT

probe scripted ssl443
  port 443
  interval 60
  passdetect interval 60
  script SSL_PROBE_SCRIPT

parameter-map type generic sslidparam
  set max-parse-length 70

rserver host host1
  ip address 192.168.20.129
  inservice
rserver host host2
  ip address 192.168.20.130
  inservice

serverfarm host ssl-443
  rserver host1
    weight 10
    probe ssl443
    inservice
  rserver host2
    weight 10
    probe ssl443
    inservice

sticky layer4-payload sticky-443
  timeout 720
  serverfarm ssl-443
  response sticky
  layer4-payload offset 43 length 32 begin-pattern "\x20"

class-map type management match-any MANAGEMENT
  2 match protocol icmp any
  3 match protocol http any
  4 match protocol https any
  5 match protocol ssh any
  6 match protocol telnet any
class-map match-any slb-vip
  3 match virtual-address 192.168.198.50 tcp eq https

policy-map type management first-match MANAGEMENT-POLICY
  class MANAGEMENT
    permit

policy-map type loadbalance generic first-match slb-vip
  class class-default
    sticky-serverfarm sticky-443

policy-map multi-match SSL-STICKY
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb-vip
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 980
    appl-parameter generic advanced-options sslidparam

interface vlan 980
  ip address 192.168.198.4 255.255.255.0
  peer ip address 192.168.198.5 255.255.255.0
  access-group input everyone
  nat-pool 1 192.168.198.6 192.168.198.6 netmask 255.255.255.255 pat
  service-policy input MANAGEMENT-POLICY
  service-policy input SSL-STICKY
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.198.1

sh conn

total current connections : 2

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
19828      1  in  TCP   98   192.168.18.139:2411   192.168.198.50 :443   ESTAB
19829      1  out TCP   98   192.168.20.129 :443   192.168.198.6 :1059   INIT
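Added example, not part of the original post and not Cisco code: a Python model of what `layer4-payload offset 43 length 32 begin-pattern "\x20"` selects from a server's ServerHello, showing that byte 43 of the TLS record is the session ID length and that a key only exists when that length is 32. The function names, the `max_parse` parameter and the sample ServerHello are constructed for illustration; the model assumes the offset is counted from the first byte of the TCP payload and that the pattern must sit exactly at that offset.

```python
import struct

def build_server_hello(session_id: bytes) -> bytes:
    """Constructed TLS 1.0 ServerHello record (sample data, not a capture)."""
    body = b"\x03\x01" + bytes(range(32))          # server_version + 32-byte random
    body += bytes([len(session_id)]) + session_id  # session_id length byte + value
    body += b"\x00\x2f\x00"                        # cipher suite + compression method
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sticky_key(payload: bytes, offset: int = 43, length: int = 32,
               begin: bytes = b"\x20", max_parse=None):
    """Simplified model of: offset 43 length 32 begin-pattern "\\x20".

    Assumption: the pattern must sit exactly at `offset`, and max_parse
    (if given) truncates the payload before matching.
    """
    if max_parse is not None:
        payload = payload[:max_parse]
    if payload[:1] != b"\x16" or payload[5:6] != b"\x02":
        return None                      # not a handshake record with a ServerHello
    if payload[offset:offset + len(begin)] != begin:
        return None                      # session ID is not 32 bytes long
    start = offset + len(begin)
    key = payload[start:start + length]
    return key if len(key) == length else None

def bytes_needed(offset: int = 43, length: int = 32, begin: bytes = b"\x20") -> int:
    """Payload bytes that must be visible to read the whole key."""
    return offset + len(begin) + length

SID = bytes.fromhex("a1" * 32)           # constructed 32-byte session ID

if __name__ == "__main__":
    print(sticky_key(build_server_hello(SID)).hex())   # full 32-byte key
    print(sticky_key(build_server_hello(b"")))         # server offered no session ID
    print(sticky_key(build_server_hello(SID[:16])))    # 16-byte ID, pattern misses
    print(bytes_needed())                              # last key byte position + 1
    print(sticky_key(build_server_hello(SID), max_parse=70))
```

In this model the key ends at byte 76 of the payload, while the posted parameter-map sets `max-parse-length 70`; whether the ACE counts its parse length the same way is an assumption, not something the post confirms.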
Wrong forum. Reloading an Ironport S-Series is a command line function. SSH into the appliance and type reboot.

s650.xxxxxx.xx.xx> reboot
Are you sure you want to reboot? [N]> y
System shutting down. Please wait while the system services are stopped...