Cisco 4507R WCCP with blue coat SG 8000 as proxy server integration
Dear All,
I installed the blue coat on one of the vlan with users in diffwrent vlans. The core 4507R is used with L3 vlans as gateway for the respective vlan users. Now i need to configure both core switch and blue coat as proxy server so that all the users in different vlans access internet websites without configure the blue coat proxy address but the core switch would redirect the users request to the blue coat proxy server. I tried with latest IOS upgrade to the switch eventhen i could not get the cmds related to WCCP blue coat documents suggest to use in core switch to configure the proxy server of SG8000
Could any one help me to solve this issue.
Thanks
swamy
Following link may help you
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008062cfc6.html
Similar Messages
-
Hi All,
After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
Exchange 2013 on a remote location with a CA-certificate.
Outlook 2010 and 2013 on different locations, locally installed and on RDS.
When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
certificate is invalid or does not match the name of the site."
Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
- restarting mailserver and AD;
- restarting switches;
- restarting routers;
- restarting RDS, AD and all other servers;
- bypassed proxyserver for RDS;
- created a new profile;
- checked recently installed updates;
- checked certificate on mailserver;
- checked RDS on a different location, working fine.
Nothing helped, what can I do next? Please advice.
Regards.Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
The first message can be suppressed by adding this to the Exchange config:
set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
Not completely where I want to be, any help regarding the second alert is greatly appreciated! -
VSS on cisco 4507R+E with sup8-E
Hi folks,
I need to configure VSS on cisco 4507R+E switch with SUP8-E,but the problem is that as per the latest relase notes VSS is not supported on sup8-E.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_32143-01.html
Can someone advise me how to proceed?Hi,
The links coming from cpe1 and cpe2 can be bundled and made layer3 port channel on VSS swirtch?
No, the link can't be in a Porchannel as cpe-1 cpe-2 are 2 different devices. If cpe-1 and 2 were for example Cisco 3750 stacked, then yes, you could put both links in a Portchannel on the 3750s and also on 4500 (VSS).
on VSS switch : 172.16.10.6/29 (port channel)
cpe1: 172.16.10.2/29
cpe2: 172.16.10.3/29
HSRP virtual IP: 172.16.10.4/29
All above statements are correct.
Can you eloborate how I can use dot1q encapsulation for this scenario?
Let assume cpe-1 and cpe-2 are Cisco 3845 routers. In this case, you can simply create a sub-interface an each device connecting to the VSS with dot1.q
for example on cpe-1
interface gi0/0
interface gi0/0.10
ip address 172.16.10.2/29
encapsulation dot1q 10
the same thing on cpe-2 except a different IP address.
Now you create vlan 10 with dot1q encapsulation on the 4500 and add it to what ever interfaces that are connecting to the cpes with an ip address on th svi.
or you can keep the 4500 (vss) as layer-2 with no IP and no svi.
it that more clear now?
Reza -
Cisco 4507R+E with SUP6L-E
Hello All,
At my core of my network I have a 4507R+E with a SUP6L-E and a 3750X, both these units are configured for HSRP. So essentially the 3750X is not doing anything. Many moons ago, at the time or purchase an additional SUP6L-E was twice the cost of a 3750X, so the 3750X was purchased to create a sense of high availability.
My question is, if I happen to come across another SUP6L-E, would it be a better configuration to install a secondary supervisor card and remote the 3750X from my network?
Of course EOS/EOL plays a factor but aside from that, would I see any simplification and enhancement to the network by the installation of a secondary supervisor?Hi,
I would keep the 3750 as one of your core. The reason being is that this design gives you chassis redundancy.
If you install a second sup in the 4500 and something happens to it, you have no redundancy.
HTH -
Cisco 2600 router with 4A/S module can be terminal server
I have a cisco 2600 router with 4A/S module, can it become the terminal server? If yes, which kind of octal cable should I choose to connect to other cisco routers console ports? Thanks a lot
The commands mean that R1's console is connected using the first RJ-45 cable and is available on port 2001, R2's console is connected using the second RJ-45 cable and is available on port 2002 and so on. Remember that the ports are numbered as 2000 plus the line number. Hence, the first port is 2001. If you have more than eight devices and have connected a second CAB-OCTAL-ASYNC cable then you need to add a similar configuration line with the port numbers starting from 2009 till 2016.
In your configuration u configured 9 ports. So please add second cable for another 8 ports.
To connect to the console of a device, telnet to the terminal server router's loopback address and specify the port number associated to the device. For example, to connect to console of router R1 (from our example) type telnet 192.168.12.1 2001 in the Run dialog box from your PC.
For further information click the below url
http://www.cisco.com/public/technotes/smbsa/en/us/internet/config_cisco_router_term_server.html#trouble -
Issue with binary attribute types through Directory Proxy Server 6.3.1
I'm having problems with DPS 6.3.1.1 on Solaris 10 with binary attribute types. From most LDAP servers, requesting an attribute such as userCertificate would return userCertificate;binary without any issues. However, DPS seems to consider these two separate attributes. In order to see userCertificate;binary, I have to ask for it in that exact format. This obviously is causing trouble for many clients as they shouldn't care about the binary type as it's the same attribute.
I've tried to correct this with a virtual data transformation (dpconf add-virtual-transformation 'PKI Tree' read add-attr-value userCertificate \${userCertificate\;binary}) but the end results are the same. Any ideas on how I can correct this one?
Thanks in advance.Here is some complementary information:
system (uname -a):
SunOS xxx 5.10 Generic_142900-13 sun4u sparc SUNW,Sun-Fire-V440
since patch 118666-26: update java 1.5.0 update 24
we are experiencing the follwing problem:
xxx$ ./dpadm start /opt/ldap/instances/mail/
The Directory Proxy Server instance '/opt/ldap/instances/mail' failed to start after the waiting period.
The Directory Proxy Server instance start has produced the following error output:
Exception in thread "main" java.lang.NoSuchFieldError: strm
at java.util.zip.Inflater.initIDs(Native Method)
at java.util.zip.Inflater.<clinit>(Inflater.java:60)
at java.util.zip.ZipFile.getInflater(ZipFile.java:375)
at java.util.zip.ZipFile.getInputStream(ZipFile.java:320)
at java.util.zip.ZipFile.getInputStream(ZipFile.java:286)
at java.util.jar.JarFile.hasClassPathAttribute(JarFile.java:469)
at java.util.jar.JavaUtilJarAccessImpl.jarFileHasClassPathAttribute(JavaUtilJarAccessImpl.java:21)
at sun.misc.URLClassPath$JarLoader.getClassPath(URLClassPath.java:809)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:293)
at sun.misc.URLClassPath.getResource(URLClassPath.java:160)
at java.net.URLClassLoader$1.run(URLClassLoader.java:192)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:300)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
The Directory Proxy Server instance '/opt/ldap/instances/mail' is not running.
We have tried to install patch 118666-27 (not recommended, but already available) which includes jdk 1.5.0 update 25 -> same problem
When returning to jdk 1.5.0 update 20 the directory proxy server starts as normal -
Distance calculation with the help of mappoint and sql server integration services
How to use mappoint 2011 with SSIS 2012 to calculate the distance between two zip codes? is there any process to calculate the distancein ssis?
SSIS being an ETL tool (moving and transforming data) does not have native integration with mapPoint, nor it exposes any 'Geo' functions to operate on geometry or geoshape data.
I imagine to achieve what you need SSIS should not be used solely, if you can read the ZIP codes then you can calculate the distance in C# (say) code which in turn can be used in SSIS Script Task if needed: http://www.wiredprairie.us/blog/index.php/archives/688
Arthur
MyBlog
Twitter -
Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working
I have a Cisco Catalyst 4507R+E (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?I have 2 Core switches, single SUP on each.
Line cards #1 and #2 randomly stop forwarding packets, only solution is to reload the switch ( hw-module reset does not work ). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the sympton looks the same as the described one,
although the code is newer than 3.2.2SG.
Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue,
otherwise we´ll try removing/re-inserting the modules, and if issue persists, most probably RMA the Core1.
We´ve sent a show tech to Cisco support while the issue was happening.
Current modules on the Core switches.
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 48 10/100/1000BaseT EEE (RJ45) WS-X4748-RJ45-E CAT1627L48B
2 48 10/100/1000BaseT EEE (RJ45) WS-X4748-RJ45-E CAT1629L0ZY
3 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1629L1PD
5 12 1000BaseX (SFP) WS-X4612-SFP-E JAE163007EO
M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1 Ok
2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1 Ok
3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E Ok
5 a493.4c44.13e8 to a493.4c44.13f3 1.1 Ok
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+----------------------------------
3 Active Supervisor SSO Active -
ACE Probe Config for Blue Coat Proxy TCP Port 74 NETRJS-4
We are running 4710's with A5(2.2). We use Blue Coat proxies for our internet connections, specifcally TCP port 74. So when we open up a browser connection to www.cisco.com, the HTTP GET is actually encapsulated in TCP port 74 netrjs-4. We want to load-balance these proxies with ACE and I'm trying to setup health probes, but the only ones that work are the tcp probes PROXY_BCC_PROBE and PROXY_PROBE. I'd like to have health probes that hit external websites, but I'm confused whether the "ip address" Probe sub command is all I need, and netrjs is simple encapsulation of the HTTP request (which is what it looks like on a sniffer). Does anyone have Blue Coat proxies/ACE working? If so, how are your probes configured?
Thanks,
probe tcp PROXY_BCC_PROBE
port 8084
interval 3
passdetect interval 3
probe http PROXY_HTTP1_PROBE
ip address 198.133.219.25
port 74
interval 3
passdetect interval 3
request method head url /index.html
expect status 200 299
probe http PROXY_HTTP2_PROBE
ip address 198.133.219.25
port 74
interval 3
request method get url /
expect status 200 299
probe tcp PROXY_PROBE
port 74
interval 3
passdetect interval 3Hi,
I have seen this working for one of the customer.
probe http HTTPGET
description Tests that www.gmail.com returns 302 redirect
interval 10
request method get url http://www.gmail.com
expect status 302 302
If I modify your probe :
probe http PROXY_HTTP1_PROBE
ip address 198.133.219.25
port 74
interval 3
passdetect interval 3
request method get url
http://www.gmail.com
expect status 302 302
Give it a try and see if that helps.
regards,
Ajay Kumar -
Cisco 4507R-E secondary SUP card is in disable state
Hi All,
I have one cisco 4507R-E switch with SUP 6-E. When I power UP switch. switch is boot with primary sup. Secondary module shown as "Disabled".
How can i enable secondary module?Hi,
Have a look at this doc on how to make the sups redundant
You need to have the same exact IOS and license in both sups.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/RPR.html#wp1125437
HTH -
ASA , Cisco VPN client with RADIUS authentication
Hi,
I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
Thank you.
Kind regards,
AlexHi Alex,
It is working as it should.
You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
thanks
John -
On my new MacBook Pro when I am connected to the internet via an Ethernet cable, Facebook pictures do not load. They show up as white boxes with blue question marks. This also happens on a website editor. But, when I am connected to the internet via Wifi, everything load properly. This is my work computer, so I have to be able to connect through the Ethernet cable to access everything. Please help me!
I mostly use Safari. But I also tried it on Firefox, Mozilla, and Camino. Mac OS X. It's my work computer, so I've only tried it at the office. I have to be connected through the Ethernet cable to access my files and email on the server.
-
hi, my iPhone5s is only 3 months old, it has been like a whole month now since it started crashing, displaying the blue screen of death, since yesterday it was in the loop of restart-crash, and now it is stuck in recovery mode after lots of times displaying blue screen.
I cannot restore it as phone continues crashing again with blue screen, when iTunes displays error 14 on verification.
help please, this phone is all the means of communication I have.It's a hardware problem. That's it. You shouldn't bother yourself with this situation. Just see an AASP.
-
Satellite L650 - frequent computer restart with blue screen
Hi, I bought an L650 about 2months ago so it is still under warranty.
Recently (maybe last 2 weeks) it has continued to shut down with blue screen of death. It seemed to occur more if I opened up many tabs in internet and i thought it might be adobe flash but don't think so anymore.
It says if there is new hardware or software installed try reinstall it but I do not know which software and there is no new hardware.
"a problem has been detected and windows has been shyt down to protect your computer
A process or thread crucial to system operation has unexpectedly exited or terminated.
technical information:
*** STOP: 0x000000F4 (0X00000000000003, OxFFFFFFFFAB007A4B30, 0xFFFFFFFFFA(rest off screen from camera)
xFFFF800035C#1EO
Somthing like above although its quick video on my camera so some numbers may be wrong.
Can someone help if this is a hardware malfunction or my fault somehow?
Is this a warranty problem or what should I do?
I never made any windows CD or anything when I bought laptop unfortunately so do not know if I can reformat harddrive?
Thanks.
KadinHello
It is worst than at the beginning with STOP: 0x000000F4 error message. It is always problematic to help with such problems because your notebook configuration, preinstalled software and activity is not known to us.
In my opinion you should back-up all your important data, install OS again using HDD recovery option and test functionality with original OS without any additional software installation.
If the BSOD will occur again and again I recommend you to contact nearest Toshiba service and ask for help. I have two Toshiba notebooks and until now I didnt notice BSOD at all. -
7th generation ipod nano only displaying white screen with blue horizontal lines
Hi,
My 7th generation ipod nano is now only displaying a white screen with blue horizontal lines along the bottom. It still plays music and is recognised in itunes with I connect it to my PC.
I have reset is and restored it and it is charged.
Please advise.
Thanks,
JessHi jkjuarez2012,
Thank you for visiting Apple Support Communities.
It sounds like your iPod nano is only showing the Apple logo with a white background, and you've tried many good steps including resetting and restoring the device. I know I'd miss my music in this situation.
Make sure that you followed the steps in this article when restoring your iPod:
Restoring iPod to factory settings - Apple Support
If the issue continues after restoring, your iPod nano may need to be serviced. You can use this link to find out more about iPod service:
If the issue is still not resolved, please read this information on servicing your iPod.
From:
iPod nano (7th generation): Hardware troubleshooting - Apple Support
Best Regards,
Jeremy
Maybe you are looking for
-
Having problems with Bridge shutting down after saving photo in PS Cs5,,,,,,,,, Also when i attempt to update either PS or bridge get an error message in Adobe application manger "Error loading updater workflow"
-
ITunes won't open on Yosemite 10.10.1
I am on a 2012 MacBook pro 13". I updated to Yosemite 10.10.1 about a month ago. I can't launch iTunes. I even updated iTunes as well. What do I do?
-
hi sd gurus, i got one issue regarding ship to partys Issue: previously ship to party was deleted (ex :100045) and we assigned new ship to party (ex:100046) in vd06 but when we r going to va05 sales record we r getting same records for the
-
Using OMW I succesfully managed to capture my access database and migrate it to Oracle. When is time to load the "table data" I get multiple errors one of them being: Integrity constraint violated-parent key not found. What is the best way to go abou
-
How to retrieve top 5 employees getting maximum salary
I have 100 employees, but I want to display only first 5 employee who are getting maximum salaries.