Akhtar,    When doing client authentication, the ACE will request a certificate from the client.  This will be done in the SSL handshake.  If the client does not send a certificate, the handshake will fail.   If the Client does send a certficate, then the ACE will use the certificate in the auth group to autenticate the client certificate.  In your configuration, you are using cert certfinal.pem in the auth group.  This appears to be the server certificate. If that is the case, then this will not work as it is highly unlikely that the certifcate cert certfinal.pem was used to sign the client certifcates.  The Authgroup should have the certificate that signed the client certs and not the server cert. Typicall you would see a certificate chain that would look some thing like this Root CA--signs the Intermediate CA---which signs the server or Client Certifcate. Your authgroup should contain the the intermediate and root ca that signed the client certificate.  Then those client certificates must be installed on the client. ... View more

I think this is what you are asking for.  It will terminate ssl, translate to port 80, send url test.english.ca to one serverfarm and test.french.ca to another serverfarm. class-map type http loadbalance match-all url1 match http url /test.french.ca/.* class-map type http loadbalance match-all url2 match http url /test.english.ca/.* class-map match-all EXAMPLE_L4   2 match virtual-address 17.170.239.252 tcp eq https serverfarm host Serverfarm1   rserver Server1 80    inservice   rserver Server2 80    inservice serverfarm host Serverfarm1   rserver Server3 80    inservice   rserver Server4 80    inservice ssl-proxy service SSLWILDCARDCERT   key key.key   cert cert.cert policy-map type loadbalance first-match EXAMPLE_L7   class url1     sticky-serverfarm Serverfarm1   class url2     sticky-serverfarm Serverfarm2 policy-map multi-match VIPS   class EXAMPLE_L4     loadbalance vip inservice     loadbalance policy EXAMPLE_L7     loadbalance vip icmp-reply active         ssl-proxy server SSLWILDCARDCERT ... View more

Looks fine...  Can you send the output of show snmp Thanks, Chris ... View more

Looks like the only requirement is Vcenter and Vsphere 4 client.  So version 4.0 and up is supported. http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/5.1/device_support/table/sdt.html ANM 5.2 and 5.1 includes a plug-in that allows you to integrate ANM into  a VMware virtual data center environment. VMware is a third-party  product for creating and managing virtual data centers. Using VMware  vSphere Client, you can access ANM functionality and manage the ACE real  servers that provide load-balancing services for the virtual machines  in your virtual data center. To use the ANM 5.2/5.1 plug-in, you must use VMware vCenter Server and  VMware vSphere Client 4. For more information about using ANM in a VMware virtual data center  environment, see the User Guide for the Cisco  Application Networking Manager 5.2/5.1. ... View more

Jose,       There is no way to reload just the ssh daemon for a context.  Only option is a reload. Chris ... View more

Can you try show ssh session-info from all the other contexts?  Do you see any hung sessions? ... View more

Jose,      Is this a new implementation, the contexts that is?  Have you ever been able to ssh to the context?  If this a new implementation, did you add the management policy for the context? you can see the open  ssh sessions with the following command sh ssh session-info then you can use switch/Admin# clear ssh ?   <0-2147483647>  Use clear ssh ssh_id to kill an ssh session   hosts           Clear the list of trusted ssh hosts to kill any hung sessions. ... View more

To my knowledge what you are asking for is not possible without going through a vip.  When you create a match desitnation address 192.168.1.11, the ace does not create an arp entry for it.  So the upstream router would not know where to send the packet.  Thanks, Chris ... View more