Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About krishnadas.R_2
Stats
Member since
04-07-2006
25
Posts
5
Helpful
0
Solutions
06-17-2014
02:29 PM
With "mls qos" OFF the switch does not modify any markings. - With "mls qos" ON the switch clears all COS, ip-prec, and DCSP, unless the trust configuration was specified.
... View more
04-30-2014
10:58 PM
N7Ks are used at single customer site. D1&D2 are collapsed core-dist switches (vdc), where access switches will connect and S1&S2 are server farm vdcs where fex's are attached. 7k1 7k2 S1------S2 D1------D2
... View more
Created by
krishnadas.R_2
in Switching
in Switching
04-30-2014
01:53 AM
04-30-2014
01:53 AM
Hi I have 2 N7Ks N7K-1 have 2 VDCs, D1 and D2 N7K-2 have 2 VDCc S1 and S2 D1&D2 have vPC configured between them and S1&S2 also have vPCs b/w them. What is the best practice to interconnect D1&D2 to S1&S2 with redundancy ? I am yet to see a Cisco Doc that discusses this design, Please let me know your suggestions. TIA.
... View more
Labels:
Created by
krishnadas.R_2
in Application Networking
in Application Networking
04-17-2011
04:22 AM
04-17-2011
04:22 AM
Hi Daniel, I will give A2.3.3 a try in coming days and shall update the results. Many thanks for the advice. Regards, Kris
... View more
Created by
krishnadas.R_2
in Application Networking
in Application Networking
04-14-2011
05:30 AM
04-14-2011
05:30 AM
Hi All, We have a two ACE module running in a redentant setup in CAT-6500. The software version is Version A2(1.6a) [build 3.0(0)A2(1.6a) It has started giving many issues lately, promtping us to think of a software upgrade. Please advice, which version is most stable in your experaince ? Thanks in advance. Kris
... View more
Labels:
Created by
krishnadas.R_2
in Application Networking
in Application Networking
06-29-2010
12:22 AM
06-29-2010
12:22 AM
Hi, It is working now, adding port 80 fixed the issue. Many Thanks. 5/5
... View more
Created by
krishnadas.R_2
in Application Networking
in Application Networking
06-28-2010
01:35 PM
06-28-2010
01:35 PM
Hi, The context was configured for Load Balancing Port 80 and 443 traffic before the SSL Configs was Applied. The SSL Termination is configured on ACE module running the software version A2(1.6a) [build 3.0(0)A2(1.6a) The load balacing is working without no issues, But when i do a https://abc.www.abc.qa/wps/portal/login the browser reconganizes the certificate from ACE, but does not show up any thing, just shows this symbol € in a blank page. Plese let me know if you have any suggestions. Thanks in Advance. Here is the relevant config. =================== crypto csr-params ABC-II-PRAMS country XX state XXXX locality XXXX organization-name abc council common-name abc.www.abc.qa serial-number 1 email abc@abc.com rserver host abcserver1 ip address 10.14.1.165 inservice rserver host abcserver2 ip address 10.14.1.177 inservice ssl-proxy service abc.www.proxy key abc-II-key.pem cert abc-II-cert.pem serverfarm host abc.www.abc.qa-443 failaction purge rserver abcserver1 probe abcicmp inservice rserver abcserver2 probe abcicmp inservice serverfarm host abc.www.abc.qa-80 failaction purge rserver abcserver1 probe abcicmp inservice rserver abcserver2 probe abcicmp inservice sticky ip-netmask 255.255.255.255 address source abc.www.abc.qa-sticky-80 timeout 120 serverfarm abc.www.abc.qa-80 sticky ip-netmask 255.255.255.255 address source abc.www.abc.qa-sticky-443 timeout 120 serverfarm abc.www.abc.qa-443 ! ! class-map match-all abc.www.abc.qa-443 match virtual-address 10.14.1.203 tcp eq https ! class-map match-all abc.www.abc.qa-80 match virtual-address 10.14.1.203 tcp eq www ! ! policy-map type loadbalance first-match abc.www.abc.qa-VIP-443 class class-default sticky-serverfarm abc.www.abc.qa-sticky-443 ! policy-map type loadbalance first-match abc.www.abc.qa-VIP-80 class class-default sticky-serverfarm abc.www.abc.qa-sticky-80 policy-map multi-match abc-POLICY class abc.www.abc.qa-80 loadbalance vip inservice loadbalance policy abc.www.abc.qa-VIP-80 loadbalance vip icmp-reply class abc.www.abc.qa-443 loadbalance vip inservice loadbalance policy abc.www.abc.qa-VIP-443 loadbalance vip icmp-reply ssl-proxy server abc.www.proxy =============================
... View more
- Tags:
- ssl_termination
Labels:
12-26-2009
09:52 PM
Ks, I am waiting for the client to be avaliable to do the test, shall let you know the results. Thanks Kris
... View more
12-26-2009
09:51 PM
Jon, FWSM is running code 3.1(4). Multicast routing is setup on the FWSM. kris
... View more
12-24-2009
04:41 AM
Hi Jon, I was getting this error continously in the FWSM logs, Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566 Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566 Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566 Dec 23 2009 12:41:18: %FWSM-3-106010: Deny inbound udp src er-dmz-int:10.1.151.5/60812 dst er-db-zone:228.10.10.10/45566 As per cisco doc, http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/system/message/fsmemsgs.html %FWSM-3-106010 --> "This is a connection-related message. This message is logged if an inbound connection is denied by your security policy" There is a specific permit line in ACL that allows traffic to 228.10.10.10 from 10.1.151.0 and I saw hits aswell on those lines. I cleared the xlate for source and destination, removed and re-applied the ACL lines with no luck untill I lowered the security level. But the fact is that there are many other vlans working in similar fashion in this FWSM, only this couple of interface had issues. The traffic is multicast, but does that make a diffrence when connectivity is working one-way ? Thanks Kris
... View more
12-24-2009
02:58 AM
er-db-zone = DB vlan er-dmz-int = APP vlan static (er-db-zone,er-dmz-int) 10.1.149.0 10.1.149.0 netmask 255.255.255.0 static (er-dmz-int,er-db-zone) 10.1.151.0 10.1.151.0 netmask 255.255.255.0
... View more
12-24-2009
01:44 AM
Hi, I have two vlans defined on the FWSM, APP and DB, For the APP vlan, Sec level is 60 for DB it is 100. I wanted to allow multicast from APP to DB and Vice Versa. The necessary NAT statement and ACLs are updated and connectivity is working from DB to APP vlan. However though ACL and NAT statements are in place for APP -> DB communication, I had to lower security level of the DB vlan to 60 to make it work. As soon as I lowered the security level it started working. Is there a way to make it work without lowering the security level ? Thanks, Kris
... View more
- Tags:
- fwsm_security_levels
Labels:
12-14-2009
04:42 AM
Hi, ASA wont allow port redirection, so you may need to use the DNS doctoring feature.. If accessing the server via the internal IP address meets your needs, then you may want to try DNS doctoring. hth http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
... View more
12-14-2009
03:40 AM
HI, We can assume that since you are getting the login prompt, connectivity and NAT is working. Check if the connection is getting redirected to a diffrent port after you enter the login credentials.
... View more
12-13-2009
04:35 AM
Hi, I am trying to make the Multicast working between two vlans defined in FWSM.. Hosts are running mysql cluster and Multicast is used to send master/slave status information to the IP 228.10.10.10 on port 45566. The vlan is defined in FWSM and the host are connected via the core-switch(6513). (hosts-->core-sws--->fwsm).. FWSM is running code 3.1(4). I have enabled <multicast-routing> in FWSM. Just wondering if this is enough to make it working ? Any advice is higly appreciated. Thanks in Advance. kris
... View more
Labels:
You Have No Messages
Public Statistics
| Date Registered | 04-07-2006 10:52 AM |
| Date Last Visited | 08-18-2017 03:53 AM |
| Total Messages Posted | 25 |
| Total Helpful Votes Received | 5 |
.jpg "Hall of Fame Guru"){kind=icon}
