Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I have a problem with an ACE20 running software version A2(2.3) [build 3.0(0)A2(2.3)].We have a simple load-balancing arrangement for two Apache webservers. All we do is pass HTTP and HTTPS traffic through to one of two servers. we don't do SSL te...
Hi,I've just tried upgrading my ACEs from 2.1.3 to 2.1.6a (tardy I know ....) but on upgrading the first I saw that two contexts were in STANDBY_COLD and further invesigation found by sh config-error (or something like that) that it was complaining t...
In looking into my earlier problem with SSL termination I set up a simple test context to try to reproduce it. I now have a situation where either HTTP or HTTPS access works - but never both. Which protocol works depends on how many times I remove t...
Dear All,I'm seeing a strange problem with SSL termination. The context is using Source NAT to backend webservers. The symptom is that the ACE doesn't send back the "server hello" in response to the "client hello". I get an ACK and then a reset from ...
Hi All,I've got a strange problem with session counts and timeout on an ACE (2.1.3).I created a connection parameter-map to an existing configuration, added it to the load-balance configuration and then removed and re-added the service policy. The c...
Hi,
Not sure why you need ports defining on the serverfarm. You should be able to do this;
class-map match-any L4VIPCLASS-80-90 1 match virtual-address 1.1.1.1 tcp eq 80 2 match virtual-address 1.1.1.1 tcp eq 81 3 match virtual-address 1.1.1.1 t...
Hi, If the two VIPs serverfarms are in the same context then you will need to source-NAT traffic from the rservers to an address in the serverside VLAN. If you don't do this then the traffic becomes asymmetric and is dropped by the ACE (unless you di...
Hi, It depends what you mean by end-to-end SSL. If you mean just passing the SSL traffic through without any additional processing then you don't need the cert/key on the ACE. However the phrase end-to-end, particularly in the ACE manuals means termi...
Yes. It uses the same technique as HTTPS termination. Just remember to specify port 389 on the serverfarm. E.g.serverfarm host FARM-LDAP probe PROBE-LDAP-389 rserver redacted01 389 inservice rserver redacted02 389 inservice rserver redacted...
That is the error message you would see if the ACS was not setting the user role to Admin. See discussions athttps://supportforums.cisco.com/thread/2041390https://supportforums.cisco.com/thread/2038886for examples of what you need to configure.HTHCa...
