Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello AllHere is the config:access-list any line 8 extended permit icmp any anyaccess-list any line 16 extended permit ip any anyprobe http web request method get url /index.html expect status 200 200parameter-map type ssl tesstC cipher RSA_WITH_A...
HelloI was wondering if the following configs were supported by Cisco:1) CSM on a 64 bits architecture2) CSM on a 32 bits arch but without the CSA agentThx all
I heard from a Cisco representative that communication between the APs and the controlleur(s) should be less than 100ms. Did anyone experienced problems by not respecting that restriction?This restriction would have an impact on our design. Originaly...
Well GillesI went ahead and tried it in the labs. If you don't open the range of ports, ftp pasv does not work. Inspect ftp doesn't seem to resolv the issue.
Hello>>you will never reach the class CLASS-REDIRECT because you will have a match on web2. They both match on 10.1.1.1:80.There should be a match on "web2" only if Host header-value contains dummy-host2.example.com else traffic will reach CLASS-REDI...
JamesWouldn't the ACE Ftp inspect also open the ports on the vip for the traffic to be loadbalanced? What you described raises security concerns. You could possibly have a firewall in front of the ACE doing the filtering (and ftp inspect)
Wouldn't something like this work:header rewrite request host header-value www[.]example[.]com replace www[.]example[.]com[/]es[/]exampleEdit: I made the assumption that you do terminate the SSL tunnel on the ACE and that you have a SSL proxy configu...
