ACE 4710 blocking FTP WLSD directory listing

Similar Messages

• FTP Get File List Action Block, It's double listing files!  ver 11.5

  Hi guys.. I have a good one!   I have an FTP Get File List action block in my BLS transaction.  Occasionally, it double lists the files in its output.   For testing I put a repeater with a logevent output where I log the filename, date, and size.  Heres what I saw for my action block output.
  2009-02-13 00:38:00,963  [UserEvent] : File Name: DMM_Export_0010056.txt, File Date 2009-02-13T00:36:00, File Size 339
  2009-02-13 00:38:00,963  [UserEvent] : File Name: DMM_Export_0010056.txt, File Date 2009-02-13T00:36:00, File Size 339
  This is xMII  version 11.5.6 b73  with java 1.4.2_07
  I have a workaround by putting in a distinct action block, after the filelist, but anybody have an idea why this might happen?   My theory is that something might be occuring if the file is being written to while we try to process it, but not sure. 
  I've been building BLS parsers since 2003, (Remember those fun times with Jeremy?)   I've never seen this happen.

  My example is a sample log file before the distinct action.  The general log shows nothing other than the subsequent transaction errors I get as a result of running the same error twice (Tcode return from BAPI calls etc)
  Here is something else interesting..  my userlog file is acting funny, like its trying to write on top of itself.  could it be the transaction is actually running twice or parts of it? 
  For example look at the following log entries
  This is how my log file entry for a production confirmation should look
  2009-02-13 00:38:06,854 [LHScheduler-Int10_NestingWOProdConf] INFO   UserLog - [UserEvent] :
  However sometimes... its looking like this...
  2009-02-13 2009-02-13 00:38:11,854 [LHScheduler-Int10_NestingWOProdConf] INFO   UserLog - [UserEvent] :
  Like it started writing to the log, then started again.
  The problem we are having is that we have JCO calls to SAP in this transaction that does goods movement, we get locking / block errors back from our  saying that we (our sap account) is already updating the information.   Sometimes the information would be posted twice!  You can see how this has become a HUGE issue posting data to a LIVE system twice.
  This is happening on 2 xMII servers.

• Anonymous ftp does not list directory - Solaris 9

  I've got 2 Solaris 9 systems set up for anonymous ftp access. One will show a directory listing, the other won't. AFAIK, I set them up the same, and the ftpd binaries have the same checksum. Anyone know how to permit the directory listing?
  By directory listing, I mean either the '"dir" command in a command-line session or via a browser (e.g., ftp://ftpserver.whatever.domain)
  Baffling behavior, and I can't find anything in Sun's docs to explain.
  Thanks.

  This is exactly the same question which you posted in this thread:
  ldd on my library (sample.so) fails to resolve SUNW_1.9.1 version of libnsl
  Please don't post the same question twice

• FTP Server "Failed to retrieve directory listing"

  I am setting up a new FTP site on Server 2012. I can access the site locally but when accessing using filezilla externally I get the error:
  Status:    Connecting to 203.109.232.97:21...
  Status:    Connection established, waiting for welcome message...
  Response:    220 Microsoft FTP Service
  Command:    USER ftptest
  Response:    331 Password required
  Command:    PASS **********
  Response:    230-Directory has 857,133,400,064 bytes of disk space available.
  Response:    230 User logged in.
  Command:    OPTS UTF8 ON
  Response:    200 OPTS UTF8 command successful - UTF8 encoding now ON.
  Status:    Connected
  Status:    Retrieving directory listing...
  Command:    PWD
  Response:    257 "/" is current directory.
  Command:    TYPE I
  Response:    200 Type set to I.
  Command:    PASV
  Response:    227 Entering Passive Mode (203,109,232,97,233,180).
  Command:    LIST
  Response:    150 Opening BINARY mode data connection.
  Error:    Connection timed out
  Error:    Failed to retrieve directory listing
  Have opened ports on firewall but still not working. Not sure what to try next

  Check : http://social.technet.microsoft.com/Forums/windowsserver/en-US/706e5104-325c-4c43-8c06-a20704569bf4/ftp-server-failed-to-retrieve-directory-listing?forum=winservergen
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• FTPS with ACE 4710

  Hi,
  I need to configure ACE for load-balancing FTPS. And simply deploying L4 policies are not helping either. Configured the FTPS servers and both of them are working fine when accessed via physical IP, but do not work when accessed via the VIP.
  if it is possible, a reference URL would really be a great help.

  Hi Rajiv,
  Do you want to loadbalance SFTP ?
  Or just have it pass through ??
  Loadbalancing SFTP is difficult because it starts as regular FTP and switches over to SSL which ACE can't do and fails to understand.
  you don't need anything to have it passthrough.
  As long as you don't ask ACE to inspect the traffic, and assuming this traffic is permitted in your access-group, then there is nothing to do to have it go through.
  I think your goal is to distribute inbound file deposits evenly across SFTP servers.
  High-level Overview
  Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers
  I would like to tell you that SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.
  So you are good.
  On the other hand FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.
  FTPS uses multiple channels and Since the control channel is encrypted, ACe is not able to get the port numbers for the data connections.
  Kindly find these examples for FTP load balance method in cisco ACE:
  1. FTP serverfarm on Cisco ACE
  http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html
  2. FTP Load Balancing on ACE in Routed Mode Configuration Example
  http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_Routed_Mode_Configuration_Example
  3. FTP Load Balancing on ACE in One-Arm Mode Configuration Example
  http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_One-Arm_Mode_Configuration_Example
  Kindly refer the folowing URL for Layer4 policies:
  http://cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Layer_4_Load_Balancing
  http://snippets101.blogspot.com/2008/08/cisco-ace-and-private-vlans-in-switch.html
  http://snippets101.blogspot.com/2008/08/asymmetric-server-normalization-on.html
  http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Server_Load_Balancing
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/tcpipnrm.html#wpmkr1116809
  Hope it will help you furhter in configuring the ACE load balancing L4 policies.
  Kindly rate
  Sachin Garg

• ACE 4710 SAML Tokens

  I am using an ACE 4710 and am converting incoming WSS username tokens to SAML Tokens - authenicating against Tivoli directory.
  The receiving web service is attempting to validate the SAML token but fails on digest verification. i.e. calculates the digest value over the SAML token and compares to the digest in the Xml Signature block.
  Is anybody else using SAML tokens?
  Has anyone else seen a similar problem?

  By adding SAML assertions to outgoing requests, the ACE XML Gateway can act as an asserting party for systems that rely on SAML credentials. The SAML assertions generated by the ACE XML Gateway can be in the form of a SAML 1.0, SAML 1.1, or SAML 2.0 credential.
  The following url may help you;
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_xml_gateway/v52/user/guide/axg_ug_backendauth.html#wp1049962

• ACE 4710 in bridge mode

  Hi,
  We got new ACE 4710 device and i am trying to configure that in Bridging mode.
  I am trying to loadbalance between two servers which is connected as shown below:
  Servers -> Switch -> Router (with subinterface).
  Servers IP: 172.16.11.1 and 172.16.11.2
  Router IP: 172.16.11.254
  Default route is router IP address for servers.
  I am new to ACE and I am confused about how to assign interface on ACE so that ACE can bridge the traffic between router and servers VLAN.
  We have some more servers which are on different VLAN but can connect to these servers as router is doing inter-vlan routing too.
  I want inter-vlan routing and load balancing between above two servers concurrently. Pls. help in this regard.
  Also attaching the ACE config file.

  Here is the config, hope this will help.
  Admin Context
  =============
  resource-class ngmp_rc1
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 0.20 maximum unlimited
  interface gigabitEthernet 1/1
  switchport access vlan 1000
  no shutdown
  interface gigabitEthernet 1/2
  switchport trunk allowed vlan 10,13
  no shutdown
  interface gigabitEthernet 1/3
  no shutdown
  interface gigabitEthernet 1/4
  shutdown
  access-list ALL line 8 extended permit ip any any
  access-list everyone line 8 extended permit ip any any
  access-list everyone line 16 extended permit icmp any any
  class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
  permit
  interface vlan 1000
  ip address 192.168.16.16 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
  ip route 0.0.0.0 0.0.0.0 192.168.16.254
  context apps
  allocate-interface vlan 10
  allocate-interface vlan 13
  member apps_rc1
  APPS Context
  ============
  rserver host srv1
  ip address 192.168.10.1
  inservice
  rserver host srv2
  ip address 192.168.10.2
  inservice
  rserver host srv3
  ip address 192.168.10.3
  inservice
  serverfarm host apps_srv
  rserver srv1
  inservice
  rserver srv2
  inservice
  rserver srv3
  inservice
  class-map match-all ftp-vip
  2 match virtual-address 172.16.10.10 tcp eq ftp
  class-map match-all http-vip
  2 match virtual-address 172.16.10.11 tcp eq 8080
  class-map type management match-any remote-mgmt
  201 match protocol snmp any
  202 match protocol ssh any
  203 match protocol icmp any
  204 match protocol http any
  205 match protocol https any
  206 match protocol xml-https any
  policy-map type management first-match remote-mgmt
  class remote-mgmt
  permit
  policy-map type loadbalance first-match slb
  class class-default
  serverfarm apps_srv
  policy-map multi-match client-vips
  class ftp-vip
  loadbalance vip inservice
  loadbalance policy slb
  loadbalance vip icmp-reply
  inspect ftp
  class http-vip
  loadbalance vip inservice
  loadbalance policy slb
  loadbalance vip icmp-reply
  interface vlan 10
  bridge-group 1
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  no shutdown
  interface vlan 13
  bridge-group 1
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  service-policy input remote-mgmt
  service-policy input client-vips
  no shutdown
  interface bvi 1
  ip address 192.168.10.9 255.255.255.0
  no shutdown
  ip route 0.0.0.0 0.0.0.0 192.168.10.254
  Thanks,
  Pawan

• ACE 4710 using SAML Tokens

  reposted from another forum:
  Am using an ACE 4710 and am converting incoming WSS username tokens to SAML Tokens - authenicating against Tivoli directory.
  The receiving web service is attempting to validate the SAML token but fails on digest verification. i.e. calculates the digest value over the SAML token and fails when comparing to the digest in the Xml Signature block.
  Is anybody else using SAML tokens?
  Has anyone else seen a similar problem?

  You are right we are using transport encryption (SSL) to protect the WSS Password.
  We then use LDAP to authenticate the username/password and create a SAML token using attributes from LDAP. The ACE Xml Gateway creates this SAML token, signs it and inserts into the SOAP header that is forwarded to our service.
  At our service we are trying to verify the signed SAML token. The error we are seeing is the Xml signature digest created by the ACE XML Gateway is wrong.
  With XML signature some Xml referenced by an ID is canonicalised, hashed (digest created) and then this digest is encrypted using the private key of some certificate.
  On receipt we repeat the process, canonicalise and hash the Xml referenced and compare our computed digest to the one created by the ACE device. This is where we get the error. We are using the standard canonicalisation and hashing algorithms (c14n and SHA1 respectively). Our code can successfully verify SAML tokens from other sources.

• ACE 4710: Possible to allow a user to clear counters but nothing else?

  Hello all,
  Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc.  We would also like to allow this user to clear the interface error counters as well, but nothing else.  Is this possible?
  Thanks!

  Hello Brandon-
  Network-Monitor only lets you browse outputs, it is a not a role that allows a user to make any changes including clearing stats.  You can create custom roles and domains to get closer to what you want, but you cannot zero in on a single command like that.
  i.e.
  ACE# conif t
  ACE(config)# role MyRole
  ACE(config-role)# rule 1 permit modify feature ?
    AAA             AAA related commands
    access-list     ACL related commands
    connection      TCP/UDP related commands
    fault-tolerant  Fault tolerance related commands
    inspect         Appln inspection related commands
    interface       Interface related commands
    loadbalance     Loadbalancing policy and class commands
    pki             PKI related commands
    probe           Health probe related commands
    rserver         Real server related commands
    serverfarm      Serverfarm related commands
    ssl             SSL related commands
    sticky          Sticky related commands
    vip             Virtual server related commands
  You can create a permit or deny rule, within that, create/debug/modify/monitor each feature seperately.
  Domains allow you to create containers for objects.  You can place specific rservers, serverfarms, etc. into it - then apply it to a role so that the user assigned to it can only touch those objects.
  Regards,
  Chris Higgins

• Remote  System Directory Listing/Navigation in JTree

  Hi
  I want my Remote System(Linux) directory listing to be available in a JTree. I need some help on implementing the same. Also How do i constantly get the directory structure of the remote system.
  Thanks in Advance

  http://java.sun.com/docs/books/tutorial/uiswing/components/tree.html
  http://en.wikipedia.org/wiki/Model-view-controller
  How you get the data depends on how you access the server. Maybe FTP.

• ACE 4710 in bridge mode not working

  I am trying to configure ACE 4710 bridge mode and I am stuck up in physical interface configuration. I have configured gig1/2 of ACE as trunk port and on layer 2 switch I have assigned that interface (gig1/2) to VLAN 11. I tried trunk port also but it got disabled due to BPDU error.
  I am not able to ping servers as well as gateway. Below are the topology and context configuration:
  Router   (vlan 13: IP 172.16.11.254)
       |
  ACE     (int gig1/2)
       |
  L2 Switch
       |
  Servers (vlan 11: IP 172.16.11.1 and 11.2)
  Admin Context
  ===========
  resource-class rc1
    limit-resource all minimum 0.00 maximum unlimited
    limit-resource sticky minimum 0.20 maximum unlimited
  boot system image:c4710ace-mz.A3_2_4.bin
  interface gigabitEthernet 1/1
    switchport access vlan 1000
    no shutdown
  interface gigabitEthernet 1/2
    switchport trunk allowed vlan 11,13
    no shutdown
  interface gigabitEthernet 1/3
    shutdown
  interface gigabitEthernet 1/4
    shutdown
  access-list ALL line 8 extended permit ip any any
  access-list everyone line 8 extended permit ip any any
  access-list everyone line 16 extended permit icmp any any
  class-map type management match-any remote_access
    2 match protocol xml-https any
    3 match protocol icmp any
    4 match protocol telnet any
    5 match protocol ssh any
    6 match protocol http any
    7 match protocol https any
    8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  interface vlan 1000
    ip address 172.16.16.16 255.255.255.0
    access-group input ALL
    service-policy input remote_mgmt_allow_policy
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.16.16.254
  context test
    allocate-interface vlan 11
    allocate-interface vlan 13
    member rc1
  test Context
  =========
  access-list bpdu-fixup ethertype permit bpdu
  access-list ALL line 8 extended permit ip any any
  access-list ALL line 16 extended permit icmp any any
  rserver host srv1
    ip address 172.16.11.1
    inservice
  rserver host srv2
    ip address 172.16.11.2
    inservice
  serverfarm host srv
    rserver srv1
      inservice
    rserver srv2
      inservice
  sticky ip-netmask 255.255.255.255 address both SG1
    timeout 120
    serverfarm srv
  class-map type management match-any remote-mgmt
    201 match protocol snmp any
    202 match protocol ssh any
    203 match protocol icmp any
    204 match protocol http any
    205 match protocol https any
    206 match protocol xml-https any
  class-map match-all slb-vip
    2 match virtual-address 172.16.11.10 any
  policy-map type management first-match remote-mgmt
    class remote-mgmt
      permit
  policy-map type loadbalance first-match slb
    class class-default
      sticky-serverfarm SG1
  policy-map multi-match client-vips
    class slb-vip
      loadbalance vip inservice
      loadbalance policy slb
      loadbalance vip icmp-reply
  interface vlan 11
    bridge-group 1
    access-group input bpdu-fixup
    access-group input ALL
    access-group output ALL
    no shutdown
  interface vlan 13
    bridge-group 1
    access-group input bpdu-fixup
    access-group input ALL
    access-group output ALL
    service-policy input remote-mgmt
    service-policy input client-vips
    no shutdown
  interface bvi 1
    ip address 172.16.11.9 255.255.255.0
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.16.11.254
  Could you pls. suggest where I am doing wrong?
  Thanks,
  Pawan

  " I tried trunk port also but it got disabled"   <----- if your L2 config is not correct, nothing will work.
  What is the setup on the switch ? Trunk or access vlan ?
  What is the status of the interface ? up ? down ?
  Do you see something in your arp table ?
  Gilles.

• Front end directory listing

  Question:
  Trying to create a page that displays a directory list of a folder content.
  Don't want to use the literature module...
  Would like to create a folder where I easily can upload files (ftp) and create a menu link that displays the folder content as a list using my master template and css ...
  The files in the list should be available for download.
  Any suggestions on how to achieve this?
  Answer:
  This is not possible on BC. You can display a folder view and links to all the content in it. You'll have to upload your items and create a page with links to those items.

  That's a server message. Means what it says.

• Directory listing of a Multi volume encrypted tapes on OpenVMS 8.3

  I have a full data backup for an openvms 8.3 server integrity server on two tapes that are encrypted.  If I mount the first volume and try to do a directory listing the process goes on indefinately; without giving any output and eventually I have to kill the process. e.g. DEV_DAISY> sh dev mk Device                  Device           Error    Volume         Free  Trans MntName                   Status           Count     Label         Space Count CntPLUTO$MKC200:           Online               0 DEV_DAISY> mount PLUTO$MKC200: dat801%MOUNT-I-MOUNTED, DAT801 mounted on _PLUTO$MKC200: DEV_DAISY> dir PLUTO$MKC200:[000000] The process goes on indefinately at this point of time. However If I mount the second volume and do a directory listing, It executes and gives me the required output as : Directory PLUTO$MKC200:[]DAT801.BCK;1 294976 31-MAR-2015 00:00:00.00Total of 1 file, 294976 blocks. I want to ask is it possible to do a directory listing on first volume. If not is it possible to read tape header information (i.e saveset name and date on which backup was taken) from the first volume without specifying the encryption key.

  I have a full data backup for an openvms 8.3 server integrity server on two tapes that are encrypted.  If I mount the first volume and try to do a directory listing the process goes on indefinately; without giving any output and eventually I have to kill the process. e.g. DEV_DAISY> sh dev mk Device                  Device           Error    Volume         Free  Trans MntName                   Status           Count     Label         Space Count CntPLUTO$MKC200:           Online               0 DEV_DAISY> mount PLUTO$MKC200: dat801%MOUNT-I-MOUNTED, DAT801 mounted on _PLUTO$MKC200: DEV_DAISY> dir PLUTO$MKC200:[000000] The process goes on indefinately at this point of time. However If I mount the second volume and do a directory listing, It executes and gives me the required output as : Directory PLUTO$MKC200:[]DAT801.BCK;1 294976 31-MAR-2015 00:00:00.00Total of 1 file, 294976 blocks. I want to ask is it possible to do a directory listing on first volume. If not is it possible to read tape header information (i.e saveset name and date on which backup was taken) from the first volume without specifying the encryption key.

• ACE 4710 Connectivity help?

  I'm using an ACE 4710 in a new datacenter, with the following setup:
  2/4 physical ethernet interfaces port channeled into port-channel 1
  2/4 physical ethernet interfaces port channeled into port-channel 2
  I have the following vlans defined:
  1001 - admin     - interface ip: 10.53.136.70
  400 - client side - interface ip: 10.53.136.100
  500 - server side - interface ip: 192.168.128.1
  999 - fault tolerance - interface ip: 192.168.11.2
  My problem is I am trying to nat ssh and web server traffic from the client side, to the server side, but it's never getting to the server.  For example, if I ssh to 10.53.136.102, it times out.  (10.53.136.102 should get nat'd to 192.168.128.2)
  Also, I can connect to the ACE 4710 via telnet using 10.53.136.70, but cannot connect to 10.53.136.100.
  I'm thinking there is either something wrong with the port-channels, or the access lists.  On the other hand there could be something wrong with the nat'ing, but I had it working before switching over to the port-channels.
  Any thoughts?
  Thanks,
  Brent

  I've attached the two contexts which we are using.  The admin context is new_lb_config.txt and the second context where the loadbalancing occurs is in the new_lb_config_VC_WBPX.txt file.
  From the load balancer, I am able to ping the real server ips in the 192.168. ip range.  The 4710 recognizes that they are in service.
  I believe the ACL for the VLAN 400 is set to permit all traffic, but I don't know if the service policies are preventing something from happening.
  Right now, I have disconnected the two 4710s and I am only working on one of them to see if I can get the basic connectivity going.  Once I accomplish that, I will work on high availability.  I'll have to check whether it thinks it is in passive mode...not entirely sure how to do that, but I will check it out.
  Thanks,
  Brent

• ACE 4710 - Internet Explorer cannot display the webpage randomly

  We have a ACE 4710 with a basic config, (see below).
  When clicking on a tab from a window within Interent explorer we occasionally get an issue with it returning: "Internet Explorer cannot display the webpage" The details show "Access is denied" accessing a particular line of a javascript file.
  We have put one web server out of service in the farm to make sure that this isn't a result of stickyness not quite working.
  We have tested extensively by going directly to the web server directly without the load balancer and cannot reproduce the problem but we can produce the issue within a few minutes when going to the load balanced address.
  Thanks in advance for any advice.
  HOST-1/Admin# show run
  Generating configuration....
  logging enable
  logging fastpath
  logging standby
  logging timestamp
  logging trap 6
  logging history 6
  resource-class SLB_ResourceClass_T_R
    limit-resource all minimum 10.00 maximum unlimited
  resource-class sticky
    limit-resource all minimum 10.00 maximum unlimited
  boot system image:c4710ace-t1k9-mz.A5_1_2.bin
  peer hostname HOST-2
  hostname HOST-1
  interface gigabitEthernet 1/1
    switchport access vlan 1000
    no shutdown
  interface gigabitEthernet 1/2
    shutdown
  interface gigabitEthernet 1/3
    description LB003
    switchport access vlan 1
    shutdown
  interface gigabitEthernet 1/4
    description LB004
    switchport access vlan 2
    shutdown
  interface port-channel 1
    port-channel load-balance src-dst-port
    no shutdown
  clock timezone standard GMT
  switch-mode
  context Admin
    description SUTLB01
    member SLB_ResourceClass_T_R
  access-list ALL line 8 extended permit ip any any
  access-list ALL line 16 extended permit icmp any any
  access-list everyone line 8 extended permit ip any any
  access-list everyone line 16 extended permit icmp any any
  probe tcp probe_tcp_80
    port 80
  rserver host Server_S_W301
    description Server_S_W301
    ip address x.x.32.152
    inservice
  rserver host Server_S_W302
    description Server_S_W302
    ip address x.x.32.154
    inservice
  serverfarm host sfarm_T_R
    description sfarm_T_R
    predictor leastconns
    probe probe_tcp_80
    rserver Server_S_W301 80
    rserver Server_S_W302 80
      inservice
  sticky http-cookie Cookie1 T_R_sticky_cookie
    cookie insert browser-expire
    timeout 3600
    serverfarm sfarm_T_R
  class-map match-any T_R_L4Class
    2 match virtual-address x.x.33.150 tcp eq www
  class-map type management match-any remote_access
    2 match protocol xml-https any
    3 match protocol icmp any
    4 match protocol telnet any
    5 match protocol ssh any
    6 match protocol http any
    7 match protocol https any
    8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  policy-map type loadbalance first-match T_R_L7policy
    class class-default
      sticky-serverfarm T_R_sticky_cookie
  policy-map multi-match T_R_L4Policy
    class T_R_L4Class
      loadbalance vip inservice
      loadbalance policy T_R_L7policy
      loadbalance vip icmp-reply active
      nat dynamic 2 vlan 1000
  interface vlan 1000
    ip address x.x.33.148 255.255.254.0
    access-group input ALL
    nat-pool 2 x.x.33.151 x.x.33.151 netmask 255.255.254.0 pat
    service-policy input remote_mgmt_allow_policy
    service-policy input T_R_L4Policy
    no shutdown
  ip route 0.0.0.0 0.0.0.0 x.x.32.1
  ssh key rsa 1024 force

  +------------------------------------------+
  +-------------- HTTP statistics -----------+
  +------------------------------------------+
  LB parse result msgs sent : 421347     , TCP data msgs sent       : 2099597
  Inspect parse result msgs : 0          , SSL data msgs sent       : 0
                        sent
  TCP fin msgs sent         : 6169       , TCP rst msgs sent:       : 769
  Bounced fin msgs sent     : 5          , Bounced rst msgs sent:   : 1
  SSL fin msgs sent         : 0          , SSL rst msgs sent:       : 0
  Drain msgs sent           : 337811     , Particles read           : 5040829
  Reuse msgs sent           : 0          , HTTP requests            : 342499
  Reproxied requests        : 183422     , Headers removed          : 37475
  Headers inserted          : 342124     , HTTP redirects           : 0
  HTTP chunks               : 224859     , Pipelined requests       : 71466
  HTTP unproxy conns        : 267246     , Pipeline flushes         : 0
  Whitespace appends        : 0          , Second pass parsing      : 0
  Response entries recycled : 71302      , Analysis errors          : 0
  Header insert errors      : 22         , Max parselen errors      : 215
  Static parse errors       : 99         , Resource errors          : 0
  Invalid path errors       : 0          , Bad HTTP version errors  : 0
  Headers rewritten         : 0          , Header rewrite errors    : 0
  SSL headers inserted      : 0          , SSL header insert errors : 0
  SSL spoof headers deleted : 0         , Unproxy msgs sent         : 267246
  HTTP passthrough stat     : 0
  NOTE - We did turn on caching at one point to try and resolve the issue but it has since been turned off