Content Engine NM ACNS/network access

After searching Google and Cisco, here's my setup...
2851 Router running 15.1T
CE-NM-BP-80G-K9 in slot 1/0
Bridge group 1 for LAN and Wireless WIC.
Goal:  Either add the external CE interface to the LAN on the bridge group or use WCCP to cache traffic through the internal interface.
I was able to access ACNS once, but I'm completely new to the design and it was only for testing with the IP scheme.  I reset the config, reloaded the router and now I can't access ACNS via the web gui nor can I access the network from the CE (ping or ftp).
Interface ContentEngine 1/0 Config:
     ip address 10.0.0.1 255.255.255.0
     Service Module ip address 10.0.0.2 255.255.255.0
     Service Module external ip address 10.0.1.1 255.255.255.0
     Service Module ip default gateway 10.0.0.1
Interface BVI1
     ip address 192.168.2.1 255.255.255.0
     using dhcp etc
Service module config:
CE#sh run
! ACNS version 5.5.3
hostname CE
http proxy incoming 80 8080
ip domain-name mydomain.com
interface FastEthernet external
exit
interface FastEthernet internal
exit
wmt evaluate
wmt accept-license-agreement
wmt enable
ip name-server 8.8.8.8
ip name-server 192.168.2.1
wccp router-list 1 192.168.2.1
wccp web-cache router-list-num 1
wccp reverse-proxy router-list-num 1
wccp wmt router-list-num 1
wccp version 2
username admin password 1 xxx
username admin privilege 15
username xxxx password 1 xxx uid 2001
username xxxx privilege 15
authentication login local enable primary
authentication configuration local enable primary
cdm ip 192.168.2.1
! End of ACNS configuration
Here's what I get when attempting to ping:
CE#ping 192.168.2.1
connect: Network is unreachable
CE#ping 10.0.0.1
connect: Network is unreachable
CE#ping 10.0.1.1
connect: Network is unreachable
And from the LAN:
seth@Sony:~$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=255 time=1.79 ms
^C
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.799/1.799/1.799/0.000 ms
seth@Sony:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_req=1 ttl=255 time=1.39 ms
64 bytes from 10.0.0.1: icmp_req=2 ttl=255 time=1.93 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.396/1.666/1.936/0.270 ms
seth@Sony:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
seth@Sony:~$ ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
^C
--- 10.0.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms
Page cannot be displayed when attempting to hit the CE on port 8001 or securely at 8003 although the CE shows it's listening
CE#sh gui-server     
GUI Server is enabled
Listen on port 8001
Secured GUI Server is enabled
Secured GUI Listen on port 8003
Let me know if there's some other pertinent info, but what am I missing?

SOLVED --
The mistake was my own...in writing this post and re-testing, I realized I had made a foolish mistake. I applied an access-list (which I forgot to include) to the "ip wccp web-cache redirect-list bypass_content_engine" in the global config of the router.
When I installed service 95 for spoofing, I automatically added the same access list to it as well.
This was not a good thing since the access list denied packets with a destination of our internal IP addresses from going through the content engine. This worked fine on the way *out* of the router. But as the now-spoofed packets returned, their destination was an inside IP address and they were pretty much discarded. Foolish Mistake!
Removing the ACL from the "ip wccp 95" statement in the global config fixed the issue and I am spoofing fine.
Sorry to waste time...
David Hunter
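The failure described in the SOLVED reply can be reproduced with a small model of how a WCCP redirect list is evaluated. This is an added example, not part of the original post or of any Cisco tooling. The ACL entries, the addresses, and the port-based selection rule for each service are assumptions, because the post did not include the real access list.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


# Constructed stand-in for "bypass_content_engine": the post did not include
# the real entries, only that it denied destinations on the inside network.
INSIDE_NET = "192.168.2.0/24"          # assumption: inside LAN prefix
BYPASS_CONTENT_ENGINE = [
    ("deny", INSIDE_NET),
    ("permit", "0.0.0.0/0"),
]


def acl_permits(acl, pkt):
    """First-match lookup on destination address, implicit deny at the end."""
    dst = ipaddress.ip_address(pkt.dst)
    for action, network in acl:
        if dst in ipaddress.ip_network(network):
            return action == "permit"
    return False


def service_selects(service, pkt):
    """Model assumption: web-cache selects requests (TCP destination port 80),
    service 95 selects the returning traffic (TCP source port 80)."""
    if service == "web-cache":
        return pkt.dport == 80
    if service == "95":
        return pkt.sport == 80
    raise ValueError(f"unknown service {service!r}")


def redirected_to_ce(service, pkt, redirect_list=None):
    """True when the router would hand the packet to the Content Engine."""
    if not service_selects(service, pkt):
        return False
    return redirect_list is None or acl_permits(redirect_list, pkt)


# Constructed flows: an inside client, an inside web server, an outside server.
REQUEST_OUT = Packet("192.168.2.50", "203.0.113.10", 40000, 80)
REQUEST_INSIDE = Packet("192.168.2.50", "192.168.2.20", 40001, 80)
# With spoofing the origin server saw the client's address, so its reply is
# addressed to the inside client rather than to the Content Engine.
REPLY_IN = Packet("203.0.113.10", "192.168.2.50", 80, 40000)


def compare():
    acl = BYPASS_CONTENT_ENGINE
    return {
        "request_out": redirected_to_ce("web-cache", REQUEST_OUT, acl),
        "request_inside": redirected_to_ce("web-cache", REQUEST_INSIDE, acl),
        "reply_acl_on_95": redirected_to_ce("95", REPLY_IN, acl),
        "reply_no_acl_on_95": redirected_to_ce("95", REPLY_IN),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:20} redirected={result}")
```

The same list that correctly keeps inside-to-inside requests away from the Content Engine also matches every returning packet on service 95, since those are all addressed to inside hosts.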

Similar Messages

  • Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661

    I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...
    (PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)
    I don't want to creat a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IP's from the current LAN IP Block.
    Any advice appreciated.

    I thought this might help.
    Easy NM-CE Configuration Guide!
    Router IOS:c3725-ik9o3s-mz.122-15.T2
    Content Engine Software: ACNS 5.0.3.5
    Configure basic router configuration as normal.
    Set the IP addresses for the Service Module (Content-Engine) using these commands:
    interface Content-Engine2/0
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    service-module external ip address 10.0.0.1 255.255.255.0
    service-module ip address 10.1.1.2 255.255.255.0
    service-module ip default-gateway 10.1.1.1
    Complete Config Example (DHCP and NAT for Lab):
    Current configuration : 2440 bytes
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname lab3745_NM-CE
    logging queue-limit 100
    enable password cisco
    ip subnet-zero
    ip wccp web-cache
    ip dhcp pool NM-ESW-16-POOL
    network 10.1.2.0 255.255.255.0
    domain-name cisco.com
    default-router 10.1.2.1
    dns-server 171.68.226.120 171.70.168.183
    lease 7
    ip audit notify log
    ip audit po max-events 100
    no voice hpi capture buffer
    no voice hpi capture destination
    mta receive maximum-recipients 0
    interface FastEthernet0/0
    ip address 172.16.12.108 255.255.255.0
    ip wccp web-cache redirect out
    ip nat outside
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    interface FastEthernet1/0
    no ip address
    interface FastEthernet1/1
    no ip address
    interface FastEthernet1/2
    no ip address
    interface FastEthernet1/3
    no ip address
    interface FastEthernet1/4
    no ip address
    interface FastEthernet1/5
    no ip address
    interface FastEthernet1/6
    no ip address
    interface FastEthernet1/7
    no ip address
    interface FastEthernet1/8
    no ip address
    interface FastEthernet1/9
    no ip address
    interface FastEthernet1/10
    no ip address
    interface FastEthernet1/11
    no ip address
    interface FastEthernet1/12
    no ip address
    interface FastEthernet1/13
    no ip address
    interface FastEthernet1/14
    no ip address
    interface FastEthernet1/15
    no ip address
    interface Content-Engine2/0
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    service-module external ip address 10.0.0.1 255.255.255.0
    service-module ip address 10.1.1.2 255.255.255.0
    service-module ip default-gateway 10.1.1.1
    interface Vlan1
    ip address 10.1.2.1 255.255.255.0
    ip nat inside
    ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254
    ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24
    ip nat inside source list 7 pool TEST-NAT-POOL overload
    ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.16.12.254
    access-list 7 permit 10.1.2.0 0.0.0.255
    access-list 7 permit 10.1.1.0 0.0.0.255
    access-list 7 permit 10.0.0.0 0.0.0.255
    call rsvp-sync
    mgcp profile default
    dial-peer cor custom
    line con 0
    speed 115200
    line 65
    flush-at-activation
    no activation-character
    no exec
    transport input all
    line aux 0
    line vty 0 4
    password cisco
    login
    end
    reset service-module 2 to reboot the Content-Engine:
    service-module content-Engine 2/0 reload
    Within 30 Seconds Session from the Router to the Service Module:
    service-module content-engine session
    Enter Basic Configuration for Network Module:
    Password, etc…
    Configure the service module using the command line interface:
    hostname NM-CE-BP
    ip domain-name CISCO.COM
    interface FastEthernet 0/0
    ip address 10.0.0.1 255.255.255.0
    exit
    interface FastEthernet 0/1
    ip address 10.1.1.2 255.255.255.0
    exit
    ip default-gateway 10.1.1.1
    primary-interface FastEthernet 0/1
    ip name-server 172.72.1.1
    wccp router-list 1 172.16.12.108
    wccp web-cache router-list-num 1
    wccp version 2
    username xxx password xxxx
    username xxxx privilege 15
    authentication login local enable primary
    authentication configuration local enable primary
    NM-CE-BP#exit
    You can use the command line interface to show statistics from the Content Engine by using the show statistics screen command, or use your web browser for a more graphical report.

  • Rate Limiting - Will Content Engine 590 solve my problem?

    We have a Cache Engine 550 deployed in our network which is great for reducing traffic on the Link to the Internet, however I have now run into a little problem with the device as we are now trying to implement Bandwidth Shaping using the existing Cisco infrastructure and thus the Cisco IOS.
    One of the IOS features concerned is Committed Access Rate (CAR).
    We would like to do some traffic shaping according to certain IP Protocols such as FTP, HTTP as well as rate limiting certain of our customers (IP Blocks) so that they don’t saturate the Serial link to our ISP.
    The problem we have is that the Cache Engine 550 replaces the original requestors IP with its own as it (the CE) now takes over as the requestor to the Internet – thus we have all HTTP traffic via our ISP having the source as that of the Cache Engine.
    Due to this we cannot “Rate-Limit” a particular customer (IP range).
    Question-------
    Does the Content Engine 590 (ACNS, ICDN) enable me to complete my task and control the Serial connection the way I would like to?
    Can I do a sort of “IP Spoofing” so that the original IP is still in place, but the Content Engine still does its job of Caching?
    I have already looked at the Packeteer – unfortunately it only has Ethernet ports.
    The WiseWan 401 with HSSI port looked promising, but I feel that even though it will do great shaping and graphs it will still not solve the problem of a saturated link upstream to the ISP (from the boxes point of view), I will still sit with packets being dropped and thus bandwidth wasted.
    Anyone out there with any other solution?
    Thanks in advance.
    Lutz.

    Hi,
    We have just implemented IP spoofing in version 4.2 of ACNS code. (Caching) which will only run on a 590/560/507/7320 cache.
    Version 4.2 should be available at the end of July, early August. This will solve your problem with identifying traffic to rate limit.
    Cheers
    Phil

  • Content Engine performance issue

    Hi. I have 2 pairs of Content Engines in my network. Both pairs work in redundancy mode. One pair services external requests to the internet and the other is for servicing requests made to internal 'http' resources. It has been observed that the CE's are getting slow over a period of time. One of the CE's also gives out a message 'Unsupported hardware'. Can anyone help me out on this?

    Hi. It has been a couple of weeks that this slow performance has been observed. There was no change in any hardware or software done. Hence it makes the matter more intriguing.

  • Use of outgoing proxy with content engine

    Hi All,
    I'm experiencing problems using the "outgoing proxy" feature with a content engine running ACNS 4.03.
    When this feature is enabled, it takes a long time to get the "execute or save to disk" popup window in the web browser, but when I get it, the file is downloaded in a few seconds.
    It seems like the CE waits for the file to be completely retrieved before delivering it to the client...
    This is not service impacting when this is a small file, but when the file is bigger than 1MB, the browser fails with a timeout.
    Can anyone help ?
    Thanks,
    Phil.

    4.01b1 code had a hardcoded proxy timeout value of 300 micro seconds. The ability to set this value was introduced in 4.03 to address symptoms like the one you are describing when the CE is not able to connect to its upstream proxy within this time constraint. (also documented the following bug : CSCdv36226 - "Need CLI to configure connection timeout for outgoing proxy")
    The fix was implemented with the addition of the following command to set this value: 'http proxy outgoing connection-timeout' command:
    590(config)#http proxy outgoing connection-timeout ?
    <200-5000000> Timeout period for probing outgoing proxy servers in microseconds
    590(config)#
    I hope this helps!
    Cheers,
    Perry.

  • Content engine DNS question

    We're using the content engines to cache web & ftp traffic.
    If we have multiple DNS servers listed, does the content engine use them from top-down (if not found from 1st, go to next), or in rotation (like round-robin)??
    We have multiple domains that require multiple DNS servers to work together, and there are DNS records that only each DNS server knows about.
    The server I listed on top has records that are more frequently requested, so I'm hoping it's the top-down fashion.

    Content Engines with ACNS 5.1 software can intercept DNS requests that have been issued to DNS servers (forwarders or recursive) that traverse the interception device. Upon receiving a request, the Content Engine transmits that response to the client if it has a current cached response. For more information refer
    http://cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a00801cc94b.html#wp1108669

  • Content Engine Network Module for Caching File Server Objects

    We have a content engine network module for a 2821 router located at a branch office that we'd like to use for clients to obtain locally cached file objects from a Windows server located at our headquarters or corporate office. I've been looking for some sample configs or documentation that will show me that this is possible and how to do it, since this is my first time ever doing this. All I was able to find so far was the link below under "Support of Preloading of NTLM Authenticated Objects", but it seems incomplete in providing configuration tasks that most CCO doc's usually provide. Has anyone else had any luck finding some useful doc's or sample configs to get this accomplished? Thanks in advance.
    http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns55/55ldg/urlfiltr.htm#wp1158213

    You can't cache Windows Files using the Cache Engines.
    You CAN do this using WAFS though. I'd suggest looking at the WAFS (or upcoming WAAS) products, which use WCCP like the Cache Engines to transparently redirect Windows File Sharing requests.

  • ACNS - Content Engine Pre-Positioning Video

    Is it possible to load content onto a Content Engine CDNFS partition directly without using CDM? We have large videos that we would like to get the content from a PC to the Content Engine at the remote location

    Hi,
    The CDNFS partition and its database is managed exclusively by the CDM Manager. You can't upload files directly to that partition without using CDM. Thanks!
    I hope this helps!
    Regards,
    Jose Quesada.

  • Help!!! Content engine

    My configuration follows in the attached file. I don't know what is wrong with my content engine used as a cache server. When I connect this CE to my network, my users can access the internet fast for only 2 days, but after 2 days it makes my users' internet connection slow. So when users' access to the internet is slow, I disconnect this CE from my network, and then my users' internet connections run better. So please help me to find what is incorrect with my configuration and what commands I should add to this current configuration.

    What is the ACNS software version you are using in your Content Engine 7305? I am sending you a configuration doc for ACNS release 5.2. This has all the info regarding ACNS 5.2.
    http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_book09186a00802debd6.html
    Let me know if you have any problem in browsing this big document and finding out the problem. I will assist you.

  • Should the Content Engine work while the Internet link is down?

    I have installed CE590 in a client network
    The http saving performance is from 30 : 40 %
    My client wants to make sure the CE is caching the web site.
    He wants to shut down the Serial port of the main router and try to browse web sites (the cached sites).
    Should he get a reply from the CE and browse the cached sites?
    I mean, can the PC browser (while the internet link is down) open a page like www.yahoo.com, for example, if it is cached on the CE?
    Is there any command on the CE that can display the names of the cached web pages?
    Note : Cisco Content Engine Software Release 3.11
    Can anyone help me ?
    Thanks
    Mohamed Abdallah

    Mohamed,
    Before you go any further you need to upgrade the CE to ACNS 4.2.3. There are known issues with 3.1.1.
    To answer your question, the CE will only serve content if it can not access the internet if the object is fresh. By this I mean the object has not expired or the object does not need revalidation, e.g. an If-Modified-Since request.
    This could cause problems with broken pages etc etc.
    Your best option is to turn on transaction logging.
    transaction-logs enable
    You can then go to the local1/logs directory on the CE
    type working.log
    This will show you the urls that clients are requesting and if they got a hit / miss/ ims hit / ims miss etc etc.
    Overall your cache should always have access to the origin server for content.
    Cheers
    Phil

  • Cisco Content Engine for Content Filtering

    Hi All,
    I am looking for a low end solution for Content Filtering and would like to use Cisco Content Engine.
    1. The documentation said that Websense, Secure Computing SmartFilter (does not require separate SmartFilter) & N2H2 support is there on the CE. I used configurator on CE 510, but it did not give me option for any of those. I would appreciate any input in this regard.
    2. Also, I assume that once I get a Content Engine, I don't need to use Microsoft Proxy any more, please confirm.
    regards,
    Ahmer Ghazi

    You would have to Install the Smartfilter software on the Content engine that would work with the ACNS software running on the CE. SmartFilter software operates inside your network to control user access to external Internet resources and allows you to restrict access to World Wide Web pages, newsgroups, and FTP sites.
    For more details refer:
    http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns41/smrtfltr/sf_chap1.htm
    The Content Engine does the job of storing content locally and serving it to the users, so you would not need to use the Microsoft Proxy.

  • Graceful Shutdown of a Content Engine (CE510, CE565)

    May I come back to y.lo's message from January this year. He asked for a shutdown or halt command for CEs.
    There is a possibility to shut down the NM-CE-BP (network module) with the service-module command from the IOS. There must be something similar in ACNS! In the manuals there is quite often a reference to "orderly shutdown" or "gracefully shutdown", but I couldn't find the appropriate command anywhere near these references.
    Thanks.

    It's not exactly graceful, but I've always done a reload with the console plugged in, then when the BIOS messages come up for accessing the flash (before the disk scan), I power it off. The theory is the disks have been cleanly shut down, the linux subsystem will have flushed the filesystems, and the content engine isn't actually running. If there is a command I'd like to know it as well.
    regards
    Mark

  • Content Engine transaction logs -- monitoring and analysis

    At our remote sites there's a local Cisco CE511 to ease our WAN bandwidth. I have been tasked to find a method to gather CE usage for trending and troubleshooting.
    From my search on the internet I decided to go with the Webalizer application. I setup the CEs to export their transaction logs every hour to my FTP server. After a test of Webalizer on a log file, it produced a nice HTML report for that hour.
    I would like to discuss with anyone on bringing this up to a new level. I would like webalizer to run as a cron job, but the log file names change every hour. So that's a hurdle I need to figure out. Also keeping track of user web hits is important. I would like to make sure my reports are accurate in reporting what IP address is the top talker.
    I hope this will start a productive exchange of ideas. Thanks.

    Simple Network Management Protocol (SNMP) is an interoperable standards-based protocol that allows for external monitoring of the Content Engine through an SNMP agent.
    An SNMP-managed network consists of three primary components: managed devices, agents, and management systems. A managed device is a network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and use SNMP to make this information available to management systems that use SNMP. Managed devices include routers, access servers, switches, bridges, hubs, computer hosts, and printers.
    An SNMP agent is a software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. The SNMP agent gathers data from the Management Information Base (MIB), which is the repository for information about device parameters and network data. The agent can also send traps, or notification of certain events, to the manager.
    http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080236630.html#wp1101506

  • Content engine 565 - real server relay

    hi all,
    we have a standalone content engine 565 running acns 5.3.1. we would like to realize something like a live stream 'relay':
    we place the ce on the network edge and it receives a live stream (rtsp) directly from a content provider. the internal clients send their rtsp requests for that live stream directly to the ce which answers the requests. one important thing is that we cannot use a proxy configuration, because a proxy config on the client is not possible - meaning that we need to place requests directly (no direct or transparent proxy). in the real subscriber config interface I saw the receiver/transmitter section - is that the right way to go? where can I find config examples or documentation for that issue. on the cisco website I could not find any detailed documentation for real subscriber configs.

    thanks for the answer - i realized it rather late. can you help me in configuring this setup? as i said I cannot find any documentation support for such a setup...I would really appreciate any help.
    thanks,
    daniel

  • Content Engine and PHP WebSites

    Hi,
    I have Content Engines in a transparent caching scenario. The HTTP traffic being redirected to the CEs is from squid proxies.
    Sometimes, for php written sites, when the client tries to access the website or a particular link in a website, instead of getting the site content he gets a popup window asking if he wants to save the content or cancel the operation.
    I noticed that this problem does not happen if I force the client browsers to use HTTP1.1 through proxy connections or if ... I clear the cache content (the content engine content).
    If I access these sites using a dial-up line this problem doesn't happen. Only from the customer network, where I deployed the transparent caching solution does this happen.
    Does anyone have a clue regarding this issue?
    Thanks in advance for your attention.
    Regards,
    Ricardo

    Thanks for your reply.
    I do not have any rules applied on the CE configuration.
    After looking at some sniffer traces I took, I suspect that my problem is related to the fact that I have requests made with browsers configured for HTTPv1.0 through proxy connections and others HTTPv1.1 through proxy connections.
    When a client browser makes the request using HTTPv1.1 through proxy connections the content will be cached in encoded gzip format.
    At a later time when another client, this time using HTTPv1.0 through proxy connections, tries to access the same content the content engine will deliver it encoded ... but the browser does not support it, and a pop-up window appears asking if the user wants to save the content.
    So, now I suspect that this has nothing to do with the site itself but only with the requests and responses.
    The clients are behind squid proxies.
    It is the traffic originated by the squid proxy that is being redirected through WCCP to the content engine.
    I will do additional tests and try to find a way to solve this issue.
    Once again Thanks for your reply.
    If you have any additional comments, feel free!
    I need it :)
    Ricardo
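The behaviour Ricardo suspects, a gzip-encoded object cached for one client and later served to a client that cannot decode it, is shown below as an added example that is not part of the original post and is not ACNS code. The origin server, the URL, and the assumption that the HTTP/1.0 browser sends no Accept-Encoding header are constructed. Keying the cache on the accepted encoding is the standard HTTP variant handling and goes beyond what the post states.

```python
import gzip

# Constructed sample page served by the simulated origin.
PAGE = b"<html><body>constructed sample page</body></html>"


def origin(accept_encoding):
    """Constructed origin server: compresses only when the request allows gzip."""
    if "gzip" in accept_encoding:
        return {"Content-Encoding": "gzip", "body": gzip.compress(PAGE)}
    return {"Content-Encoding": "identity", "body": PAGE}


class Cache:
    """Toy transparent cache. With vary_on_encoding=False the URL alone is the
    key, so whichever encoding was stored first is served to everyone."""

    def __init__(self, vary_on_encoding):
        self.vary_on_encoding = vary_on_encoding
        self.store = {}

    def _key(self, url, accept_encoding):
        if self.vary_on_encoding:
            return (url, "gzip" in accept_encoding)
        return (url,)

    def fetch(self, url, accept_encoding=""):
        key = self._key(url, accept_encoding)
        if key not in self.store:          # miss: go to the origin
            self.store[key] = origin(accept_encoding)
        return self.store[key]


def client_can_render(response, accept_encoding):
    """A browser can display the body only if it asked for that encoding."""
    encoding = response["Content-Encoding"]
    return encoding == "identity" or encoding in accept_encoding


def replay(cache):
    """HTTP/1.1 browser (accepts gzip) first, then an HTTP/1.0 browser that
    sends no Accept-Encoding header (assumption)."""
    url = "http://site.example/index.php"   # constructed URL
    first = cache.fetch(url, "gzip")
    second = cache.fetch(url, "")
    return client_can_render(first, "gzip"), client_can_render(second, "")


if __name__ == "__main__":
    print("URL-only key:       ", replay(Cache(vary_on_encoding=False)))
    print("URL + encoding key: ", replay(Cache(vary_on_encoding=True)))
```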
