Bypass Filter on a 565 Content Engine
Hello,
I want to configure a bypass filter to bypass for a Windows update type program that does http downloads. When I configured the bypass (on the CE), the hosts can no longer kick off the transfer, its as if its been blocked..? Any ideas.. Do bypass filters configured on the CE really work that well..?
This URL should help you:
http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a00801cc620.html
Similar Messages
-
Content engine 565 - real server relay
hi all,
we have a standalone content engine 565 running acns 5.3.1. we would like to realize something like a live stream 'relay':
we place the ce on the network edge and it receives a live stream (rtsp) directly from a content provider. the internal clients send their rtsp requests for that live stream directly to the ce which answers the requests. one important thing is that we cannot use a proxy configuration, because a proxy config on the client is not possible - meaning that we need to place requests directly (no direct or transparent proxy). in the real subscriber config interface I saw the receiver/transmitter section - is that the right way to go? where can I find config examples or documentation for that issue. on the cisco website I could not find any detailed documentation for real subscriber configs.thanks for the answer - i realized it rather late. can you help me in configuring this setup? as i said I cannot find any documentation support for such a setup...I would really appreciate any help.
thanks,
daniel -
Saturation on Content engine CE-565 and Smartfiler log
Hi, with content engine CE-565-K9
we have the following message log on the smartfilter:
"Jun 25 08:19:03 cer44sec-pxy2.cer44.recouv cache: %CE-UNKNOWN-4-899999: too many jobs in plugin thread pool queue (1001). Maximum allowed is: 1000
Jun 25 08:19:03 cer44sec-pxy.cer44.recouv cache: %CE-UNKNOWN-3-899999: Failed to start job to look up groups for user 'UR49100640'"
I can't see how is limited the thread number on the CE565. So who can explain to me the signification of this log and/or how configring the maximun thread on the CE565.
Thank's
MichelSmartfilter uses a pool of 20 threads for LDAP lookups. What this error indicates is that the number of outstanding LDAP requests has grown to more than 1000 which is the limit supported.
-
Help with Content Engine CE-565-K9 to install OS
Hello everybody,
I have got a content engine CE-565-K9 with 72GB HDD, but this is empty. my question is; how do i install de operative system? i have downloaded the follow components:
ACNS-5.5.9.9-K9.sysimg
ACNS-5.5.9.9-K9.bin
ACNS-5.5.9.9-K9.meta
ACNS-5.5.9.9-rescue-cdrom-K9.iso
ACNS-5.5.9.9-manifest-samples.zip
ACNS-5.5.9.9-manifest-tools.zip
ACNS-5.5.9.9-schema-xsd.zip
ACNS-5.5.9.9-Alarm_Book.html
ACNS-5.5.9.9-Error_Book
Any help??
Best Regards
Álvaro Pérez UnzuetaDepending on the current status of the device. you can use the rescue CD and follow the information in this url
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/maintenance/v55_13/upgrade/guide/6695bkup.html
Thanks,
Eric -
I have 2 catalyst 6506 and 2 cache engines. Want to achieve transparent caching(Client have proxy setting on the IE)
I have configured exactly what the user guide has shown.
But I cant see the http traffic begin re-direct to Content Engine.
The http traffic go out directly to the proxy server.
Attached is the config file for one of the content engine and one of the catalyst 6506.The configuration looks ok to me. You could probably turn on some debugs to see what is happening. Also check the cache engine status. You could use the commands in this document to help you.
http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_configuration_example09186a00801854c4.shtml -
Dear All,
My apologies if this posting is on the wrong board.
I've a problem with our content engine returning an error of:
"Tre reply from server is not valid"
The URL of the site is http://hiring.monster.co.uk/jobs/createtitle.aspx?mode=qb.
I've attached a screenshot of the error message.
Any advice or help would be greatly appreciated.
Thank you in advance.
SinhThis symptom is observed on a router on which Web Cache
Communication Protocol (WCCP) is enabled and Cisco Express Forwarding (CEF)
switching is disabled. If the caches are Cisco caches, they will be running
software prior to ACNS 4.2.5.
solution: Ensure that CEF switching is enabled on the router. If this is not possible, the impact of the problem on the cache will be minimized if the authentication bypass function is disabled.also try upgrading IOS to 12.1(18.01)E which may solve the issue. -
Hi there,
I'm having some problems with Content Engine.
I would appreciate any help.
It gives following errors:
Jun 12 08:15:59 CE01 wccp: %CE-WCCP-5-500008: WCCP: A new view from
the 25.25.25.25. Change number = 28
Jun 12 08:15:59 CE01 wccp: %CE-WCCP-5-500014: WCCP: New CE notified of
15.16.17.208
Jun 12 08:15:59 CE01 wccp: %CE-WCCP-5-500026: New CE entry being
created for 15.16.17.208 seen by router 25.25.25.25
Jun 12 08:16:07 CE01 wccp: %CE-WCCP-4-500015: WCCP:No assignment sent:
15.16.17.204 not in Router View
Jun 12 08:16:08 CE01 wccp: %CE-WCCP-5-500008: WCCP: A new view from
the 25.25.25.25. Change number = 29
Jun 12 08:16:08 CE01 wccp: %CE-WCCP-5-500014: WCCP: New CE notified of
15.16.17.204
Jun 12 08:16:08 CE01 wccp: %CE-WCCP-5-500026: New CE entry being
created for 15.16.17.204 seen by router 25.25.25.25
Jun 12 08:16:17 CE01 wccp: %CE-WCCP-5-500019: WCCP: New WC in compute
assign 15.16.17.204
Jun 12 08:16:40 CE01 wccp: %CE-WCCP-3-500001: HTTP Proxy may be down,
keepalives halted!
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct got error :
50 for key stat/cache/http/perf/throughput/requests/sum connection 5
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct: unable to
get `stat/cache/http/perf/throughput/requests/sum' from dataserver
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: unable to get http
request throughput stats(error 50)
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct got error :
4 for key stat/cache/https/request connection 5
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct: unable to
get `stat/cache/https/request' from dataserver
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: unable to get https
request throughput stats(error 4)
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct got error :
4 for key stat/cache/ftp connection 5
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct: unable to
get `stat/cache/ftp' from dataserver
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: unable to get
ftp-over-http request throughput stats(error 4)
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct got error :
4 for key stat/cache/http/usage/cpu/sum connection 5
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: ds_getStruct: unable to
get `stat/cache/http/usage/cpu/sum' from dataserver
Jun 12 08:20:54 CE01 java: %CE-CMS-4-700001: unable to get cpu
stats(error 4)Hi guys,
I am really out of ideas!!!
I've updated software couple times already.
but nothing helps.
it still gives same error:
Jun 16 14:23:01 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/http/usage/cpu/sum not found not found in dataserver
Jun 16 14:23:01 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/http/request not found not found in dataserver
Jun 16 14:23:01 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/https/request not found not found in dataserver
Jun 16 14:23:01 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/https/requests not found not found in dataserver
Jun 16 14:23:01 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/ftp-native not found not found in dataserver
Jun 16 14:23:01 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/ftp not found not found in dataserver
Jun 16 14:23:02 ponent exec_show_stats: %CE-CLI-3-170013: item stat/wccp/bypass not found not found in dataserver
Jun 16 14:23:02 ponent exec_show_stats: %CE-CLI-3-170013: item stat/wccp/bypass not found not found in dataserver
Jun 16 14:23:52 ponent exec_rule: %CE-CLI-3-170013: Verifier not responding. when setting cfg/gl/cache/rule/stat/show (Error number: 32)
Jun 16 14:23:52 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/http/err not found not found in dataserver
Jun 16 14:23:52 ponent exec_show_stats: %CE-CLI-3-170013: item stat/cache/https/err not found not found in dataserver
Jun 16 14:24:37 ponent cfg_bin_urlfilter: %CE-CLI-3-170013: Verifier didn't respond. Need to re-register verifier. when setting /cfg/gl/cache/urlfilter/http/enable (Error number: 64)
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct got error : 4 for key stat/cache/http/perf/throughput/requests/sum connection 5
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct: unable to get `stat/cache/http/perf/throughput/requests/sum' from dataserver
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: unable to get http request throughput stats(error 4)
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct got error : 4 for key stat/cache/https/request connection 5
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct: unable to get `stat/cache/https/request' from dataserver
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: unable to get https request throughput stats(error 4)
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct got error : 4 for key stat/cache/ftp connection 5
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct: unable to get `stat/cache/ftp' from dataserver
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: unable to get ftp-over-http request throughput stats(error 4)
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct got error : 4 for key stat/cache/http/usage/cpu/sum connection 5
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: ds_getStruct: unable to get `stat/cache/http/usage/cpu/sum' from dataserver
Jun 16 14:24:45 ponent java: %CE-CMS-4-700001: unable to get cpu stats(error 4)
Jun 16 14:24:47 ponent java: %CE-CMS-4-700001: ds_getStruct got error : 4 for key stat/cache/http/perf/throughput/requests/sum connection 5
Jun 16 14:24:47 ponent java: %CE-CMS-4-700001: ds_getStruct: unable to get `stat/cache/http/perf/throughput/requests/sum' from dataserver
Jun 16 14:24:47 ponent java: %CE-CMS-4-700001: unable to get http request throughput stats(error 4)
Jun 16 14:25:15 ponent cfg_bin_urlfilter: %CE-CLI-3-170013: Verifier didn't respond. Need to re-register verifier. when setting /cfg/gl/cache/urlfilter/http/enable (Error number: 64)
Jun 16 14:25:24 ponent writemem.sh: %CE-CLI-2-170054: running-config has 0 line(s)
Jun 16 14:25:24 ponent exec_copy: %CE-CLI-3-170055: Copy running-config to startup-config failed!. status(1.20)
please, any suggestion would be appreciated. -
Hi,
I have a content engine 565A with ACNS 5.4.5.7, running http pxory mode. All of the windows clients setup proxy server to the content engtine. This day the windows client executed windowsupdate, but got the error message : 0x80072EFE. I have tried to setup a rule to ingore cached for the microsoft windowsupdate server, but it doesn't work. Can you help to identify this problem?
I want to bypass all of the windowsupdate server, but we can not use domain name in bypass command, it support IP addresses only. Is there any other solution to bypass some servers by domain ( for example : *.windowsupdate.microsoft.com ) ?
Best Regards,
Jackson KuHi,
I have a content engine 565A with ACNS 5.4.5.7, running http pxory mode. All of the windows clients setup proxy server to the content engtine. This day the windows client executed windowsupdate, but got the error message : 0x80072EFE. I have tried to setup a rule to ingore cached for the microsoft windowsupdate server, but it doesn't work. Can you help to identify this problem?
I want to bypass all of the windowsupdate server, but we can not use domain name in bypass command, it support IP addresses only. Is there any other solution to bypass some servers by domain ( for example : *.windowsupdate.microsoft.com ) ?
Best Regards,
Jackson Ku -
Hi, is it possible for a content engine module to work in a 2600 with the following scenario? I want the clients gateway to be the 2600 with content engine installed but I want the 2600 to forward all traffic out a seperate gateway. I know a content switch can do this but can a content module in a 2600 do it too. The reason for wanting this is I want to use url filtering software such as websense and at the moment the existing gateway/firewall is not compatible with websense so Im looking to use a 2600 with content module installed to filter webtraffic and forward out the existing gateway. Thanks
this is no problem
Just look at the nm-ce as a standalone device connected by ethernet to the 2600.
The 2600 can be the default gateway for the client and the cache [nm-ce].
The 2600 will intercept traffic from client and forward to nm-ce.
The nm-ce will use the 2600 as its default gateway.
Gilles. -
Content Engine CD media included?
Dear All,
If I buy a content engine, do I receive a CD media?
I am thinking of system recovery by this CD if the system is crashed!
Thanks
makMak
If you get a CE-510,CE-565,CE-7305 or CE-7325 then you will recieve a recovery CD in the package.
Please also note that the ISO images for these CD's are also available on cisco.com incase it gets misplaced at any time.
Cheers
Phil -
CISCO 2821 WITH CONTENT ENGINE
ANYONE KNOW THE USERNAME / PASSWORD
FOR THE CONTENT-ENGINE WHEN YOU OPEN UP A SESSION TO IT? ON OUR 2651XM'S WITH
CONTENT-ENGINES THE USERNAME IS admin
and the password is default. THIS DOES
NOT WORK WITH THE NEW CONTENT-ENGINES INSTALLED.If you have no luck guessing passwords you can try the following.
Recovering a Lost Administrator Password
If an administrator password is forgotten, lost, or misconfigured, perform the following steps to reset the password on the device.
Note There is no way to restore a lost administrator password. You must reset the password to a new one, as described in this procedure.
Step 1 Establish a console connection to the device and open a terminal session.
Step 2 Reboot the device. While the device is rebooting, watch for the following prompt and press Enter when you see it:
Cisco ACNS boot:hit RETURN to set boot flags:0009
Step 3 When prompted to enter bootflags, enter this value:
0x8000
For example:
Available boot flags (enter the sum of the desired flags):
0x4000 - bypass nvram config
0x8000 - disable login security
[CE boot - enter bootflags]:0x8000
You have entered boot flags = 0x8000
Boot with these flags? [yes]:yes
[Display output omitted]
Setting the configuration flags to 0x8000 lets you into the system, bypassing all
security. Setting the configuration flags field to 0x4000 lets you bypass the NVRAM
configuration.
Step 4 When the device completes the boot sequence, you are prompted to enter the username to access the CLI. Enter the default administrator username (admin):
Cisco Content Engine Console
Username: admin
Step 5 Once you see the CLI prompt, set the password for the user using the username password command in global configuration mode.
The following example shows the different options and parameters for the username command. You can specify that the password be either clear text or encrypted. The user in the example chose to have an encrypted password.
ContentEngine# configure
ContentEngine(config)# username ?
WORD User name
ContentEngine(config)# username biff ?
password Specify the password for the user
privilege Set user privilege level
samba-password Set user's Windows sharing password
ContentEngine(config)# username biff password ?
0 Specifies clear-text password (default)
1 Specifies type 1 encrypted password
WORD User password (clear text)
ContentEngine(config)# username biff password 0 ?
WORD User password (encrypted)
ContentEngine(config)# username biff password 0 mypassword ?
uid User Id
ContentEngine(config)# username biff password 0 mypassword uid ?
<2001-65535> User Id
ContentEngine(config)# username biff password 0 mypassword uid 2001 ?
ContentEngine(config)#
Step 6 Use the write memory command in EXEC mode to save the configuration change.
ContentEngine(config)# exit
ContentEngine# write memory
Step 7 Optionally, reboot your device by using the reload command.
ContentEngine# reload
Rebooting is optional; however, you might want to reboot to ensure that the boot flags are reset, and to ensure that subsequent console administrator logins do not bypass the password check.
Note In ACNS software, the bootflags are reset to 0x0 on every reboot. -
Content Engine compatability with Windows Media Player
I am currently running ACNS version 5.5 on our CE510 Content Engine. We want to set this box up to serve VOD requests from WMT. I think the clients on site are all using Windows Media Player version 10. Does this version of ACNS software work with Windows Media Player 10?
Dan
this brings up an interesting point. The content (which is canned Video on an Intranet Web site) is HTTP? I am wasting my time here by trying to use the Windows MP services?? Perhaps I already have what I need...
Your comments appreciated.
Kevin -
Should the Cisco Content Engines be used as a proxy appliance
Should the Cisco Content Engine be use as a proxy appliance like a Blue Coat appliance, Squid cache engine, ISA server, etc...
I am pretty sure it is but just need some feedback on past experiences. Customer would like to by a Cisco product for Web filtering/proxy.
or is it strictly used to help with web base applications.HI,
the CE is basically able to check every request it supports. If you are using 3rd level products like smartfilter, websense or webwasher you can use the features of those products to supress/forbid certain requests(i.e MSN etc.)
Kind Regards,
Joerg -
Help!!! Content engine
my configuration is follow the attached file. I don't know what is wrong with my content engine using as a cache server. when i connect this CE to my network, i can make my user access to the internet fast only 2 days, but after 2 days it makes my users internet connection slow. So when users access to the internet slow, i disconnect this CE from my network, then my users internet connections is running better. So please help me to find what is incorrect with my configuration and what commands i should add more to this current configuration"
What is the ACNS software version u r using in ur content Engine7305.I am sending u a configuration doc for ACNS rlease 5.2.This has all the info regarding ACNS 5.2.
http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_book09186a00802debd6.html
Let me know, if you have any problem in browsing this big document. and finding out the pblm.I will assist you. -
Content Engine NM ACNS/network access
After searching Google and Cisco, here's my setup...
2851 Router running 15.1T
CE-NM-BP-80G-K9 in slot 1/0
Bridge group 1 for LAN and Wireless WIC.
Goal: Either add the external CE interface to the LAN on the bridge group or use WCCP to cache traffic through the internal interface.
I was able to access ACNS once, but I'm completely new to the design and it was only for testing with the IP scheme. I reset the config, reloaded the router and now I can't access ACNS via the web gui nor can I access the network from the CE (ping or ftp).
Interface ContentEngine 1/0 Config:
ip address 10.0.0.1 255.255.255.0
Service Module ip address 10.0.0.2 255.255.255.0
Service Module external ip address 10.0.1.1 255.255.255.0
Service Module ip default gateway 10.0.0.1
Interface BVI1
ip address 192.168.2.1 255.255.255.0
using dhcp etc
Service module config:
CE#sh run
! ACNS version 5.5.3
hostname CE
http proxy incoming 80 8080
ip domain-name mydomain.com
interface FastEthernet external
exit
interface FastEthernet internal
exit
wmt evaluate
wmt accept-license-agreement
wmt enable
ip name-server 8.8.8.8
ip name-server 192.168.2.1
wccp router-list 1 192.168.2.1
wccp web-cache router-list-num 1
wccp reverse-proxy router-list-num 1
wccp wmt router-list-num 1
wccp version 2
username admin password 1 xxx
username admin privilege 15
username xxxx password 1 xxx uid 2001
username xxxx privilege 15
authentication login local enable primary
authentication configuration local enable primary
cdm ip 192.168.2.1
! End of ACNS configuration
Here's what I get when attempting to ping:
CE#ping 192.168.2.1
connect: Network is unreachable
CE#ping 10.0.0.1
connect: Network is unreachable
CE#ping 10.0.1.1
connect: Network is unreachable
And from the LAN:
seth@Sony:~$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=255 time=1.79 ms
^C
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.799/1.799/1.799/0.000 ms
seth@Sony:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_req=1 ttl=255 time=1.39 ms
64 bytes from 10.0.0.1: icmp_req=2 ttl=255 time=1.93 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.396/1.666/1.936/0.270 ms
seth@Sony:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
seth@Sony:~$ ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
^C
--- 10.0.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms
Page cannot be displayed when attempting to hit the CE on port 8001 or securely at 8003 although the CE shows it's listening
CE#sh gui-server
GUI Server is enabled
Listen on port 8001
Secured GUI Server is enabled
Secured GUI Listen on port 8003
Let me know if there's some other pertinent info, but what am I missing?SOLVED --
The mistake was my own...in writing this post and re-testing, I realized I had made a foolish mistake. I applied an access-list (which I forgot to include) to the "ip wccp web-cache redirect-list bypass_content_engine" in the global config of the router.
When I installed service 95 for spoofing, I automatically added the same access list to it as well.
This was not a good thing since the access list denied packets with a destination of our internal IP addresses from going through the content engine. This worked fine on the way *out* of the router. But as the now-spoofed packets returned, their destination was an inside IP address and they were pretty much discarded. Foolish Mistake!
Removing the ACL from the "ip wccp 95" statement in the global config fixed the issue and I am spoofing fine.
Sorry to waste time...
David Hunter
Maybe you are looking for
-
MSI 560 TI GTX OC Twin Frozr II Issue
Computer Specs CPU:Intel I5 2500K MoBo:Asrock Z68 Extreme 4 Gen 3 Memory:Gskill Ripjaw 1600 PS:Corsair 850TX 850W Windows 7 64BIT So I built this Computer going on two weeks ago or so and after putting everything together and installing all the softw
-
How do I find which of the later versions of OS-X will run on my 24" iMac?
Am currently running OS_X 10.6.8 and really need to upgrade that on my 24" iMac if at all possible to run Quickbooks as I can't find an older copy of QB that will run on this system. Anyone know where to buy older versions of Quickbooks?
-
Restrict authorizations for payment item transaction
Hi All, This is regarding authorizations for a banking system. The requirement is the users need to be restricted for the following transaction based on the Bank Posting Area or the contract managing unit. BCA_PAYMITEM_CREATE When the user goes to cr
-
Problem with Profile-Update-Request
I have a problem when I Try to use the profile update request. First, I can use the "User-Data-Request" without problems. I use this sentences: ->String docSel="sh://sip:[email protected]/IMSPublicIdentity/"; ->Document doc = psvc.getDocument(docSe
-
In AE CS6 lack the plug ins ; Optical Flares, Element 3D and Particular. Where can I download it. Thx Chris Belgium