Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
ACE 30 module running A4(2.3) code. I want to turn off SSLv3 support, but seeing some different behavior when doing so. Perhaps someone can explain the ACE behavior. When ACE is set to all versions (SSLv3 and TLS1.0), if a TLS1.2 Client Hello is re...
How is the ACE supposed to implement x-forward-for? For http request headers where there is an existing x-forward-for header, the ACE should be appending to existing header. Instead, the ACE is adding a second x-forward-for header in the same http ...
Have anyone written a TCL script to probe MQ from the ACE? Our app guys are saying that a Layer 4 probe (TCP port check) is generating errors in the QManager logs because there is no data exchange, just TCP connection setup, then tear-down.Thought I...
Can the ACE load balance SMB?Server 1 DNS is msserver1Server 2 DNS is msserver2VIP DNS is msserverCan the ACE replace the server name (or IP address) in a tree connect query with the actual real server name that is chosen for the request? ...
I have been asked to consider moving the load balancing functionality that another product is providing (IBM's Datapower) to our Cisco ACE implementation.The Datapower device listens on port 80 and makes load balancing decisions based on the URI stri...
kanwalsi,Your description makes sense, but I do not understand what the ACE is doing when the Client Hello is TLS1.2, a version it doesn't recognize (in this version of code). When version is all, the ACE accepts the TLS1.2 Client Hello and responds...
The standard is for proxy devices to append the last source IP address to the list of existing addresses. So, the value of the X-Forward-For field would be client ip, proxy 1, proxy2, ... The true client IP address would be the first left-most IP a...
Here is your basic checklist to accomplish what you seek.1. Load the certs and keys on the ACE. Reference the crypto CLI command2. Add serverfarm host which references the real servers. Use port 80 when defining the real servers in the serverfarm...
