About mwinnett

mwinnett · 09-11-2013

Syed, as far as I can tell, yes you will need a GEO DB per device. They are not transferrable between devices (actually you can transfer and install without error, but they dont work). If you are commissioning you will need to contact Cisco licensing...

mwinnett · 08-15-2013

CharlesYou need to sit down and determine what traffic you want to permit into the device. There is an implicit "deny ip any any" at the end of each acl. The access-lists below permit- anyone external to reach the vips for https- anyone local (ie: ...

mwinnett · 08-14-2013

You'll probably need to open a tac case so someone can check the css & tac configs and you'll probably need to get concurrent traces either side of the ace (and maybe css for comparison). Are both css and ace configured for the same behaviour. I had ...

mwinnett · 08-12-2013

Charles, I would do this with the interface access-list. You will need to explicitly permit the traffic to be load balanced, mgmt traffic and all https/ssh and deny everything else. Matthew

mwinnett · 08-09-2013

Can you clarify what you mean by "traffic restricted to ssh & https" ? Ie: do you mean only ssh & https mgmt traffic to the ace, only https and ssh towards the vip or only ssh & https through the box (not load balanced) ? Matthew

Member Since	‎10-26-2010 04:34 AM
Date Last Visited	‎08-18-2017 04:03 AM
Posts	193
Total Helpful Votes Received	45

User Statistics

User Activity

GSS GEO DB Install

ACE 4710 Resttrict traffic to HTTPS and SSH only

ACE with SSO

ACE 4710 Resttrict traffic to HTTPS and SSH only

ACE 4710 Resttrict traffic to HTTPS and SSH only