ACE redirection issue

Similar Messages

• ACE Redirect not working

  We have a ACE redirect configured on 3 physically seperate ACE modules with the following config. It works on one ACE Module and not on the other 2.
  Capture on the ACE and sniffer gives this error.R [bad tcp cksum 2d41!] ACE sends resets to the client. Anyone run into this issue?
  The software version is   system:    Version A2(1.0a) [build 3.0(0)A2(1.0a)
  rserver redirect Test
    webhost-redirection http://www.test.com
    inservice
  serverfarm redirect Test
    rserver Test
      inservice
  class-map match-any Test
    2 match virtual-address 192.168.10.10 tcp eq www
  policy-map type loadbalance first-match Test
    class class-default
      serverfarm Test
  class Test
      loadbalance vip inservice
      loadbalance policy Test
      loadbalance vip icmp-reply active

  Sorry maybe I didn't explain what I was getting at good enough...
  I guess I'm basically asking if there's potential for asymmetry at the site that's not working.
  For example.
  Say I have a load balanced server. It has two interfaces a "front end" and a "back end".  I manage the server on the backend from my laptop, for which the server has a route.  Now if I try to hit the public VIP of the LB, traffic is routed to the VIP, then to the server, but because the server already has a route to my laptop via the backend, it bypasses the load balancer on the return and replies directly to me, thus putting the flow out of sync and never completing the connection...
  Not saying that's it, but I've had so many asymmetry issues that are tough to figure out that It's usually one of the first things I rule out...
  It's possible if the site that's not working is local to you and the others aren't, this may be a potential issue??

• ACE Configuration Issue.

  We would like to configure on ace like below:
  the virtual ip address and port like this
  : 10.10.10.10:8000,this ip address will be use to outside user request servie
  and we have to configure server farm like below
  real server 10.10.10.1:8001, 10.10.10.1:8002, 10.10.10.1:8003 ...
  the ip address is same on 10.10.10.10:8000's serverfarm, but real server service is different, and this port should be loadbalanced and healchecked.
  Is it possible solution? F5 big ip , Nortal is possible, but I don't know on ACE above issue.
  If you ok. could you give me a sample configuration?

  page 2....
  Also i forget to tell you to
  8.create resourse-class
  9. create context othr then admin context if you need multiple contexts:
  (inside context add resource class)
  10 class map type management (for remote access)
  as follows:
  Kindly find some config sample as follows:
  ACE/Admin# sh run
  Generating configuration....
  resource-class ABCD_Resource
  limit-resource all minimum 5.00 maximum unlimited
  limit-resource sticky minimum 5.00 maximum unlimited
  boot system image:c4710ace-mz.A3_2_1.bin
  hostname ACE
  context Admin
  member ABCD_Resource
  access-list everyone line 10 extended permit icmp any any
  access-list everyone line 20 extended permit ip any any
  access-list for-cap line 8 extended permit ip any any
  probe http HTTP-Probe
  port 8000
  interval 2
  faildetect 2
  passdetect interval 15
  request method head
  probe icmp ICMP-Probe
  interval 2
  faildetect 2
  passdetect interval 60
  probe tcp TCP-8000
  port 8000
  interval 2
  faildetect 2
  passdetect interval 15
  passdetect count 2
  open 1
  rserver host A
  ip address 10.10.10.1
  inservice
  rserver host B
  ip address 10.10.10.2
  inservice
  rserver host C
  ip address 10.10.10.3
  inservice
  rserver host D
  ip address 10.10.10.4
  inservice
  serverfarm host SF-8000-1
  probe ICMP-Probe
  probe TCP-8000
  rserver A 8000
  inservice
  rserver B 8000
  inservice
  serverfarm host SF-8000-2
  probe HTTP-Probe
  probe ICMP-Probe
  probe TCP-8000
  rserver C 8000
  inservice
  rserver D 8000
  inservice
  class-map match-all L4-CLASS-REDIRECT-1
  2 match virtual-address 10.10.60.10 tcp eq www
  class-map match-all VIP-PORT-8000-1
  2 match virtual-address 10.10.60.10 tcp eq https
  class-map match-all VIP-PORT-8000-2
  2 match virtual-address 10.10.60.12 tcp eq https
  class-map type management match-any remote-mgmt
  10 match protocol ssh any
  20 match protocol telnet any
  30 match protocol icmp any
  40 match protocol http any
  50 match protocol https any
  class-map match-any server-initiated
  3 match source-address 10.10.10.4 255.255.255.255
  4 match source-address 10.10.10.3 255.255.255.255
  policy-map type management first-match remote-access
  class remote-mgmt
  permit
  policy-map type loadbalance first-match VIP-POLICY-8000-1
  class class-default
  policy-map multi-match Service-Policy-8000-1
  class VIP-PORT-8000-1
  loadbalance vip inservice
  loadbalance policy VIP-POLICY-8000-1
  loadbalance vip icmp-reply
  nat dynamic 1 vlan 60
  class L4-CLASS-REDIRECT-1
  loadbalance vip inservice
  loadbalance policy VIP-POLICY-8000-1
  policy-map multi-match Service-Policy-8000-2
  class VIP-PORT-8000-2
  loadbalance vip inservice
  loadbalance policy VIP-POLICY-8000-2
  loadbalance vip icmp-reply
  nat dynamic 1 vlan 60
  ssl-proxy server SSL-Offload-Proxy-2
  policy-map multi-match server-side
  class server-initiated
  nat dynamic 1 vlan 60
  interface vlan 10
  description APPPROD-Client-Vlan
  bridge-group 10
  mtu 1500
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown
  interface vlan 30
  description management-vlan-interface
  ip address 10.10.30.22 255.255.255.0
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown
  continued page 3......

• Ace Redirect and re-write

  Can anybody point me in the right direction for changing the URL when the ACE is performing the redirection?
  I have the standard ace redirection to HTTPS set up and it is working fine.
  I have a wildcard certificate *.abc.com but when the application was being tested the URL abc.com kicks up a certificate error in the browser.
  Not sure if I should have set the CN as *acb.com when ordering it but its done now.
  I am wanting to redirect when http://abc.com is put in the client browser to https://www.abc.com
  I have tried reading these forums and using header rewrite to change the location on response but it just doesn't seem to work.
  I have tried deleting/renaming/replacing the host header on request and rewrite/delete on response. Tried all sorts of regex nothing works.
  I can insert a header so I know the action is being hit, just can't seem to change the host on request or location on response.
  Any idea's?
  I am guessing the inner workings only allow for modification of these headers when the redirects are being done by the server and the headers are passing through the load balancer.
  on latest 5(2.1) version
  example of one I tried
  action-list type modify http ABC_MODIFY
    header rewrite response location header-value "https://abc(.*)" replace "https://www.abc%1"
  then applied to policy redirect map

  I tried another approach which seemed to work.
  rserver redirect RED2A
  webhost-redirection https://www.%h 302
  inservice
  rserver redirect RED2
  webhost-redirection https://%h 302
  inservice
  serverfarm redirect RED2-VIP-IN
  rserver RED2
  inservice
  serverfarm redirect RED2A-VIP-IN
  rserver RED2A
  inservice
  class-map type http loadbalance match-any RED2A-VIP-IN
  2 match http header Host header-value "abc.com"
  class-map match-any RED2-VIP-IN
  2 match virtual-address x.x.x.x tcp eq www
  ..etc
  policy-map type loadbalance first-match RED2-VIP-IN-LB-POLICY
  class RED2A-VIP-IN
    serverfarm RED2A-VIP-IN
  class class-default
    serverfarm RED2-VIP-IN
  this seemed to redirect the abc.com to https://www.abc.com and the other requests like other.abc.com to https://other.abc.com
  I tried regex for the header value match like [^\.]abc.com and ^abc.com but these didn't seem to match.

• Guest Anchor - Web Passthrough - Apple device web redirect issue

  Hi All,
  I've setup a Guest Mobility Anchor at DMZ with 5508 WLC. I've setup the EoIP mobility tunnel and everything works so far.
  Now, I was testing multiple clients to connect to the Guest SSID and observed that Apple devices are not redirecting url, resulting unsuccessful connection.
  I looked Cisco docs and added the command "config network web-auth captive-bypass enable" on the Anchor as recommended.
  Even after executing the command, I'm still facing web redirect issue with Apple Devices. I don't have any issues with other devices, except Apple.
  My controller running code AirOS 7.6.130.0. I'm using DMZ controller as DHCP server for Guests and public DNS servers as 8.8.8.8 & 8.8.4.4
  How to solve this web redirect issue? Will a Third-party generated CSR solves the problem?
  Thanks,
  CJ

  Hi All,
  The issue was with WISPr Protocol with iOS Clients. After upgrading the AirOS Code on the controller to 8.0.100.0; the issue with Web Redirect is resolved.
  Jagan

• Https redirection issue for Wireless Guest CWA - ISE 1.3

  Our Setup is
  ISE 1.3 (Patch level 2) running on ACS 1121
  2 nodes clustered with Admin, monitoring, policy service enabled ( Primary and Secondary ).
  Configured SSID Guest for Centralized web authentication with ISE.
  We have issues in web redirection with chrome . It is not redirecting to the ISE page but rather showing " Page cannot be displayed".
  By default chrome is pointing to https. For example if we type https://google.com it is not redirecting to ISE page. But when I specify the same as http://google.com it works.
  There is no issue with IE, Firefox as it is redirecting to ISE page with default https and i can see it is hitting our rule.
  Please advice.

  Hi Neno
  They are using a third party certificate (digi cert) for client auth. They have confirmed even if they use a self-signed-cert the result is same.
  So basically none of the https page is not loading. If we manually browse some https site from Firefox, IE the result is same showing " page cannot be displayed".
  Redirection to https is the problem which i have never faced with my other customer. This is the upgraded version of ISE from 1.2 to 1.3.

• Acrobat 9.0 Runtime Error Vista SBS 2003 Folder Redirection Issue

  I just got off of a two hour phone call with Adobe. They are unable to resolve my issue.
  After installing Acrobat 9.0, we receive the following error:
  "Microsoft Visual C++ Debug Library
  Runtime Error!
  Program: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
  The application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.
  I have tried the recommend fix without success: http://kb.adobe.com/selfservice/viewContent.do?externalId=kb404597
  Someone please help. The user is an Administrator of the machine. The typical AppData path is \\servername\direct\username\Application. I changed it to x:\username\application to no avail.
  This is a Vista machine, all updates, with Small Business Server 2003 with File Redirection.

  Try http://www.adobe.com/go/kb401589
  Especially solution 4.

• Button URL Redirect - Issue passing %null% from LOV

  I have issue when attempting to pass %null% from a LOV to a subsequent target page. The URL Redirect works fine when a value in selected in the LOV but passes gibberish "?ll" when no value is selected from the LOV. Can anyone shed some light on what's is going on?
  Redirect looks like this:
  f?p=112:411:508326687872582::NO:RP,411:P411_AGENCY,P411_CATEGORY,P411_BUDGET_YEAR,P411_OIT_OFFICE,P411_DESCRIPTION:002,%null%,2012,1665,webJeff
  Edited by: jwellsnh on Jun 2, 2010 4:42 PM

  svk1965,
  Thank you for your response, I read many other threads and you are definitely on the right track. Got impatient though and took my project on a different track which ended being a better solution for me after all.
  Jeff

• Oracle Apps R12 iRec URL Redirection issue

  Dear Friends,
  We have configured R12 i-Rec in an server and placed in DMZ.
  we have made this server as external and we have made the irec responsibilities to external and using the DMZ Server URL we were able to work without any issue.
  Now to publish this URL to Interner users with https and Port masking , we have mapped this URL http://abc.com:8020 to https://xyz.com using Microsoft UGC Firewall 2010.
  Now from Internet we were able to hit the URL https://xyz.com and could login as oracle application user with the same url https://xyz.com
  But when we click any of the irec responsilities (irecruitmnt agency (or) others) which is made external, the page is redirected to the Real DMZ Server URL http://abc.com:8020/OA_HTML/...
  and it shows error:
  The page cannot be displayed.
  I believe it should not happen , throughout the session it has to maintain the same new URL
  Please let us know the Fix.
  Regards,
  DB

  Hi;
  What is error in apache log file?
  Regard
  Helios

• CWA redirect issue and access across the WAN

  Hello,
  I am trying to get CWA working on my wireless ISE setup and am having an issue where the guest portal redirect is pointing to the wrong port.  My setup is as follows:
  The PSN has two connections - Gig 0 is on our management VLAN 172.24.x.x  Gig 1 is on our guest network VLAN 10.190.x.x
  Using a laptop I connect to the guest ssid and guest portal times out as it is pointing to 172.24.x.x instead of the guest vlan 10.190.x.x
  We do not want guest traffic on the corp network for obvious reasons.
  One more question - Is it possible to have guest access work across the WAN?  For example, we have the admin box in Detroit and a PSN in Chicago.  Detroit's guest network is routed through a tunnel to Chicago currently.
  Some more info:
  Here is from the radius authentication details -
  cisco-av-pair=url-redirect=https://172.24.24.41:8443/guestportal/gateway?sessionId=ac18180a000024a45151d92d&action=cwa
  How do I force it to 10.190.x.x and how does ISE get 172.24.24.41 for the redirect address? DNS? I guess I am unfamiliar with how cisco-av-pair attribute is determined.  Any help will be greatly appreciated.

  Have you ran anything such as MTR on a Linux box (or WINMTR equivalent on PC)?  If so, can you find a trend in loss or high latency on a specific hop on the path? I would ensure you adjust the ICMP payload size to a higher size such as 1000Bytes and adjust the ping interval to every two seconds or so.  This ensures you are not running into an issue where the provider is rate limiting your pings, which is not uncommon for some providers, if the pings (ICMP messages) are terminating on their endpoints.
  Do you have QoS policies applied on interfaces on either end of these pings / traces?  If so, do you have assurance that ICMP messages will not be impacted by queue based dropping or shaping latency?  One solution is, move traffic from your ICMP traffic with the source or destination of your ICMP ping and trace endpoint in a priority queue with adequate bandwidth (should be a very low requirement).  This may not make sense since your bandwidth utilization is low, but shaping of busy flows can actually occur long before congestion, depending on your design. 
  Another item that may give you better insight is running and monitoring / graphing IP-SLA probes between your routers on each end.  You could then trend issues and give graphed evidence to your provider.  They could then compare your lossy  and high latency periods to their appliance interface, memory, and CPU loads to see if they can find a correlating trend.  It can be a hard battle to get ISPs to not only admit they have issues, but allocate resources to isolate and resolve these issues.  Good SLA probe data showing that their paths are not meeting delivery standards speak much louder that pings to them.

• Virtual page redirection issue - VWLC

  Hello All,
  I am using ISE for external web authentication. Once client enter the UN and PWD in the ISE guest portal, the client must redirect to 1.1.1.1 that is the local web page. But i get a blank page..? And also if i use local web page for the redirection also it is not working ..?
  Any idea..
  KVS

  Symptoms or Issue
  The URL redirection page in the client machine's browser does  not correctly guide the end user to the appropriate URL.
  Conditions:
  This issue is most applicable to 802.1X authentication sessions  that require URL redirection and Guest Centralized Web Authentication  (CWA) login sessions.
  Possible Causes:
  There are multiple causes for this issue. See the Resolutions descriptions that follow for explanation.
  Please check the below link for URL Redirection Resolutions:
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_troubleshooting.pdf

• ACE FTP issues with "inspect ftp"

  Hello.
  My clients want to access an FTP server, via ACE, and I am having some issues. They can login and issue only one command... the second command will not be accepted an after a few seconds the prompt shows the message "connection closed by remote host".
  I have sniffed traffic and I see that the connection between the client and the ACE has a strange behaviour because ACE open connection to data using an source port of 1039 (it should be 20, since we are usind an active mode client); between the ACE and the real server runs in active mode (I see normal ftp-data packets).
  Other strange thing is that I have FWSM and they let traffic pass from ACE to client (they should expect traffic comming from port 20 and not 1039)
  I am doing source NAT and ACE is doing all the necessary changes on source IP adresses.
  Anyone has seen similar behaviour?
  Any help would be appreciated.
  In attach I send my config and traffic sniffing.
  Thanks in advance.
  Joao Ribau
  P.S. - client is 10.1.44.98; VIP is 10.1.9.150; real server 10.1.36.124

  Hello.
  I didn´t mentioned this before but the gateway of all my networks is an ACE that is loadbalancing traffic to two firewall clusters. I think this is not important because I have a "catch all" VIP in all my interfaces; I assume that ACE forwards traffic with no restrictions or inspections leaving the inspection job to the firewalls and to the ACE that I use to load balance services.
  Don´t think this could be the problem but just to make sure I decided to post it.
  Best regards,
  Joao Ribau.
  P.S. - my configs on the ACE that loadbalance traffic to the firewalls are very straightforward. Serverfarms (interfaces of the firewalls), a class-map with a "catch-all" VIP, policy-map to for the serverfarm, a policy-map to tie the class to the serverfarm and finally a service-policy apllied to each interface.

• Standby cisco ACE loadbalancer issues (network connectivity)

  Hi ALL,
              We are having issues with the secondary (standby) load balancer ACE module on a 6500 switch. We see that the loadblanacer is not able to get onto the network which leads to problem with fault tolerance as well. Following is the ft status found on the load balancer for one of the contexts (this is the same pattern seen on all the contexts).
  switch/Admin# sh ft group status
  FT Group                     : 1
  Configured Status            : in-service
  Maintenance mode             : MAINT_MODE_OFF
  My State                     : FSM_FT_STATE_ACTIVE
  Peer State                   : FSM_FT_STATE_UNKNOWN
  Peer Id                      : 1
  No. of Contexts              : 1
  Sh arp on all the contexts shows the gateway/rserver to be unreachable. Please find the screenshot below for one of the contexts (the same pattern is seen on the LB for all other contexts)
  switch/1_Context# sh arp
  Context CSD_Context
  ================================================================================
  IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
  ================================================================================
  172.21.128.97   00.00.00.00.00.00  vlan942   GATEWAY    -                   dn
  172.21.128.103  00.0b.fc.fe.1b.09  vlan942   ALIAS      LOCAL     _         up
  172.21.128.105  00.12.43.dc.93.23  vlan942   INTERFACE  LOCAL     _         up
  7.0.0.4         00.0b.fc.fe.1b.09  vlan943   NAT        LOCAL     _         up
  - 7.0.0.6
  172.21.147.196  00.0b.fc.fe.1b.09  vlan943   ALIAS      LOCAL     _         up
  172.21.147.198  00.12.43.dc.93.24  vlan943   INTERFACE  LOCAL     _         up
  172.21.147.200  00.00.00.00.00.00  vlan943   RSERVER    -       * 3 req     dn
  172.21.147.202  00.00.00.00.00.00  vlan943   RSERVER    -       * 2 req     dn
  172.21.147.204  00.00.00.00.00.00  vlan943   RSERVER    -                   dn
  172.21.147.206  00.00.00.00.00.00  vlan943   RSERVER    -                   dn
  172.21.147.208  00.00.00.00.00.00  vlan943   RSERVER    -       * 3 req     dn
  172.21.147.210  00.00.00.00.00.00  vlan943   RSERVER    -       * 2 req     dn
  172.21.147.212  00.00.00.00.00.00  vlan943   RSERVER    -       * 1 req     dn
  172.21.147.214  00.00.00.00.00.00  vlan943   RSERVER    -       * 1 req     dn
  172.21.147.216  00.00.00.00.00.00  vlan943   RSERVER    -       * 3 req     dn
  7.0.0.1         00.0b.fc.fe.1b.09  vlan943   NAT        LOCAL     _         up
  - 7.0.0.3
  The problem is that we see the problem only on the secondary loadbalancer. primary is just running file
  also i can see some traffic denial in admin context for resource usage
  switch/Admin# sh resource usage
                                                       Allocation
          Resource         Current       Peak        Min        Max       Denied
  Context: Admin
    conc-connections              9          9     160000    6560000          0
    mgmt-connections              0         46       2000      82000          0
    proxy-connections             0          4      20972     859830          0
    xlates                        0          0      20972     859830          0
    bandwidth                     0   17715713   10000000  535000000    5799749
      throughput                  0   17710993   10000000  410000000    5799749
      mgmt-traffic rate           0       4720          0  125000000          0
    connection rate               0         43      20000     820000          0
    ssl-connections rate          0          0        100       4100          0
    mac-miss rate                 0          1         40       1640          0
    inspect-conn rate             0          0        120       4920          0
    acl-memory                56336      56336    1570072   64460552          6
    sticky                        0          0      83886          0          0
    regexp                        0          0      20972     859832          0
    syslog buffer             82944      82944      82944    3447808          0
    syslog rate                   0         44       2000      82000         25
  Context: INTEGRATION_Context
    conc-connections              0       3934     160000          0          0
    mgmt-connections              0         98       2000          0          0
    proxy-connections             0         33      20972          0          0
    xlates                        0          0      20972          0          0
    bandwidth                     0   10019910   10000000  125000000      40857
      throughput                  0   10000000   10000000          0      40857
      mgmt-traffic rate           0      19910          0  125000000          0
    connection rate               0         49      20000          0          0
    ssl-connections rate          0          0        100          0          0
    mac-miss rate                 0         32         40          0          0
    inspect-conn rate             0         58        120          0          0
    acl-memory                11920      11920    1570072          0          0
    sticky                        0          1      83886          0          0
    regexp                        0          0      20972          0          0
    syslog buffer                 0      82944      82944    3447808          0
    syslog rate                   0        312       2000          0          0
  these above 2 contexts are the only one which has bandwidth resource usage exceeding the limit. but i somehow am not sure if this is the issue. as there is just no traffic on the secondary .. then how can the bandwidth reach the threshold? can anyone throw some light on the below issue?
  thanks and regards
  kiran

  vlan on Standby_ACE switch
  svclc multiple-vlan-interfaces
  svclc module 1 vlan-group 1,4,12,13,
  svclc vlan-group 1  968
  svclc vlan-group 12  132
  svclc vlan-group 13  367-372,374,375,379,380,538,805,807,808,818,913,915
  svclc vlan-group 13  917-920,922-924,933,934,937,938,942-949,972,976-979,983
  svclc vlan-group 13  984
  ip subnet-zero
  no ip source-route
  vlans on standby ACE
  switch/Admin# sh vlans
  Vlans configured on SUP for this module
  vlan132  vlan360  vlan367-375  vlan379-380  vlan538  vlan805  vlan807-808  vlan818  vlan913  vlan91
  5  vlan917-920  vlan922-924  vlan930  vlan933-934  vlan937-938  vlan942-949  vlan968  vlan971-972  v
  lan976-979  vlan983-984
  switch/Admin#
  Active_LB_host_switch is the switch hosting the  active ACE thats connected on ten7/4 and 8/4 which is bundeled and made into
  port-channel (po72)
  CDP neighbor hosting the active ACE
  Active_LB_host_switch
                   Ten 7/4           148          R S I     WS-C6513  Ten 7/4
  Active_LB_host_switch
                   Ten 8/4           156          R S I     WS-C6513  Ten 8/4
  Po72 allows all the vlans which is the configured for ACE modules.
  Port                Vlans allowed on trunk
  Po72                132,140,181,359-383,538,668,702,805-808,815-816,818-820,836,907,909-920,922-925,
              929-935,937-949,967-973,976-984,987,3212
  vlan 968 is the FT vlan and the same hass been allowed on the trunk port.
  everything looks good to me but still not sure why isnt the ACE module not coming to the network. it was working fine
  a few months back but all of a sudden it lost the network connectivity. i am not even able to ping the physical ip of the
  ACE module.
  thanks and regards
  kiran

• ACE - Redirect

  Hi !
  I am trying to do the following:
  A customer dials into our network. The first HTTP Request get`s redirected to some Content-Page.
  This could be annoying for some customers that`s why we want to implement a button on that page to DISABLE this Redirect Feature for that customer.
  I am sure the redirect will work - but I am wondering if it`s possible to store some data on the customers web-browser - to make sure the feature remains DISABLED whenever he dials to the network again - and doesn`t get redirected anymore .
  Is there a chance to match on the ACE against some sort of f.e. cookie - to make sure the client is not redirected anymore if this cookie is present ?
  If not - then the client gets redirect.
  I would really appreciate any help / hints.
  cheers
  Hans

  In the following example if the http request comes for VIP:192.168.1.1 then the header is checked for cookie name "testcookie" and if the cookie value is "Donot-Redirect" then request is served by serverfarm "APP1-sf" and if this value is not present then request is redirected to http://192.168.120.132/redirect.html .
  parameter-map type http APP1-pmap
  persistence-rebalance
  rserver redirect SERVER-redirect
  webhost-redirection http://192.168.120.132/redirect.html 302
  inservice
  rserver host App1-server1
  ip address 10.10.10.111
  inservice
  rserver host App1-server2
  ip address 10.10.10.10
  inservice
  serverfarm redirect SFARM-redirect
  rserver SERVER-redirect
  inservice
  serverfarm App1-SF
  predictor leastconns
  probe TCP81
  rserver App1-server1
  inservice
  rserver App1-server2
  inservice
  class-map match-all App1-VIP
  2 match virtual-address 192.168.1.1 tcp eq 80
  class-map type http loadbalance match-any APP1-CHECK
  match http cookie testcookie cookie-value Donot-Redirect
  policy-map type loadbalance first-match APP1-policy
  class APP1-CHECK
  serverfarm App1-SF
  class class-default
  serverfarm SFARM-redirect
  policy-map multi-match VIPS
  class App1-VIP
  loadbalance vip inservice
  loadbalance policy APP1-policy
  loadbalance vip icmp-reply active
  appl-parameter http advanced-options APP1-pmap
  HTH
  Syed Iftekhar Ahmed

• ACE redirect to different URI on rserver

           We use JDE and up to now part of the tools was Apache which would redirect as follows
  http://alias.server  to  http://real.server:13333/main.maf   
  the latest version no longer uses Apache so I was wondering how I can do it on the ACE
  of course there is no problem going from alias.server port 80 to real.server:13333 but  how can I add the URI main.maf?

  Hi
  The configuration would look like the following:
  rserver host CHIJTW55
    description CHIJTW55
    ip address 172.16.98.106
    inservice
  rserver redirect JDEDV_RED
  webhost-redirection http://172.16.73.10:13333/main.maf  301
  serverfarm host JDEDV
    description JDEDV servers
    failaction purge
    probe tcp13333
    rserver CHIJTW55 13333
      inservice
  serverfarm redirect REDIRECT_FARM
       rserver JDEDV_RED
         inservice
  class-map match-any JDEDV_vip_80
    2 match virtual-address 172.16.73.10 tcp eq www
  class-map match-any JDEDV_vip_13333
    2 match virtual-address 172.16.73.10 tcp eq 13333
  policy-map type loadbalance first-match JDEDV_80
    class class-default
      serverfarm REDIRECT_FARM
  policy-map type loadbalance first-match JDEDV_13333
    class class-default
      serverfarm JDEDV
  policy-map multi-match MULTI_POLICY
    class JDEDV_vip_80
      loadbalance vip inservice
      loadbalance policy JDEDV_80
    class JDEDV_vip_13333
      loadbalance vip inservice
      loadbalance policy JDEDV_13333
  interface vlan X
       service-policy input MULTI_POLICY
  I hope this helps
  Daniel