CSM Help

Hello,
I need help with an interesting request I need to configure on my CSM.
There are 3 total servers, each server holds information for 10 different users -- a total of 30 users. I need to configure a single virutal IP address so when a user clicks on http://virtualip it will re-direct them to their appropriate server via username. The only way I can re-direct them is by a local SQL DB Username which is passed in the packet.
How can I configure the CSM to look into the packet and re-direct the requests by username to their appropriate server. Is this possible?
Thanks in advance,
Scott

Thank you for your response...I was thinking the same thing, but I didn't think that kind of information was contained in the header. Would that be an application thing, do you think programmers could pass that information in the headers?
Scott

Similar Messages

  • Help with CSM 3.2.2 - Changes created after Device Discovery

    Hi
    Hope someone can help, I have just installed CSM 3.2.2 and added many multiple firewalls to the database, I have not created any overall policies yet. Once these additions were made I could see over 500 changes that CSM wanted to make in the Activity List after viewing the changes. A great deal of these were changing the local firewall objects . It looks like that as identical names were used forsome of the local firewall configs, CSM needed to amend these with a unique name for each firewall so adding on -1, -2 e.t.c It also struggles with some of the AAA settings and IKE. I don't want to submit these changes due to the huge risk that involves but also not sure whether to dicard the changes ? Any advice out there ?
    Thanks in advance
    C

    Hi Chris,
    what you are observing is usually normal. CSM tries to reuse the names on the FW to give a name to the objects in the DB. If you import two FWs with some things named in the same way  (e.g. OBJECT-NAME) but with different content, CSM will import the first object as OBJECT-NAME and the second as OBJECT-NAME_X where X is a sequential number. CSM then, for consistency, will try to push the new name to the device as well.
    Another thing you might notice is that CSM is try to change the access-list by grouping services in a different way.
    I would say these are normal operation however I would suggest that before the first deployment you look at the preview of what will be pushed and carefully verify that everything is in place, although slightly modified.
    Stefano

  • Help required with CSM config?

    1. I request help on some pointers to URLs where I could find answers to my questions.
    2. Also I request for some CSM specialists to please look at the attached document and comment whether the config looks right for what the customer wants to achieve.
    3. I am not sure why the customer wants the .51 server never to be accessed when .50 is up and running. He wants .51 server to be accessed if and only if .50 server is down.

    you said the csm is not connected to the server vlan. So, you should not configure a vlan 12 on the CSM. Especially if you want your traffic to go through a firewall. Connecting the csm to vlan 12 would be a way to bypass the firewall.
    So, what you need is a route on an existing csm vlan to reach the servers via the firewall.
    Then, your customer clearly asked to have .51 as a backup of .50.
    So you need 2 serverfarms.
    One with onle server .50 and one with only server .51.
    You then configure the serverfarm .50 with serverfam .51 as backup.
    The 2nd would kick in only if .50 is down.
    You need predictor leastconn or roundrobin so destination nating can occur.
    The 'replicate' commands are used when you need stateful redundancy. They tell the CSM to replicate the information to the standby.
    Finally, bridge mode is not related to the ip addresses used for vip and real.
    You are in bridge mode when the CSM is configured with the same ip on 2 different vlans. In this case, the CSM will BRIDGE between those 2 vlans.
    The only url pointer I could give is the csm documentation guide. You may want to read it through to get yourself familiar with all the possible functions like backup serverfarm or replicate.
    Gilles.

  • CSM: need help, are you using shared policies only or inheritence or whatever

    I'm starting with CSM and the biggest problem for me is what to use shared policies only and/or local-inherited policies.
    it would be great to hear from you what you use and maybe even why. my environment is 2 FWSM 40 contexts and about 30 ASA Firewalls.

    Most users use shared policies. It is probably because they want to centrally manage the policy that is used in many devices, and not need to change the parent device every time they need to make a policy change in inherited policies.
    I hope it helps.
    PK

  • Help with dynamic NAT and CSM 4.4 and ASA 8.3

    Hello
    I currently try to add a dynamic NAT rule into CSM 4.4 for a ASA 8.3 device, but I fails at the deployment with the error message:
    Failed to generate delta config
    The following commands have not been recognized by the Configuration Parser:
    ==========================
    (inside,outside) source dynamic range-192.168.0.0_24 range-100.0.0.1_32 destination static any any
    So let's asume we use the internal IP Range for the users is 192.168.0.0/24 and we received the public IP Address 100.0.0.1/32 from our ISP.
    How do I have to do a normal dynamic NAT in CSM 4.4 for this case?
    Traffic comes from inside and has to leave the outside with the changed source IP.
    I would really appreciate a screenshot from CSM 4.4 which shows the correctly filled fields.
    Thanks
    Patrick

    Matty
    Not familiar with SIP so can't say for sure about that in terms of ports but some comments -
    1) you don't show other interfaces but presumably the LAN interface(s) has "ip nat inside" enabled
    2) the PBX subnet is 10.1.1.0/24 yet your static NATs are referring to 10.18.21.2 ?
    3) following on from 2) your PBX_SUBNET acl is wrong, it should be -
    ip access-list extended PBX_SUBNET
    permit ip 10.1.1.0 0.0.0.255 any      <-- note the last octet of the wildcard mask is 255.
    Edit - also assuming that any internal subnets not directy connected to the router have routes setup for them so you router knows how to get to them.
    Jon

  • CSM Load Balancer Help

    Hey,
    Just a quick question....
    Does anyone know a) if it's possible and b) how to have two servers off the CSM but instead of load-balancing between them make them a failover pair i.e. if server A goes down server B will take over - done using the same VIP?? It's needed because the application on the servers can't do load-balancing yet but can work in a failover way.
    I'm reading the book trying to work it out but if someone has done this before that would be great!
    Thanks
    Anthony

    Thanks for the responses.
    I'm using CSM 4.6(6) and have given what you suggested a go but have run into problems.
    When I disconnect the primary server I see that go out of service but that also knocks out the VIP and it never fails over to the second server. Am I missing something? I've attached the relevant parts of the config and would be greatful for any advice.
    serverfarm FARM1
    nat server
    nat client WEB
    real 10.2.250.10
    inservice
    probe HTTP
    serverfarm FARM2
    nat server
    nat client WEB
    real 10.2.250.11
    inservice
    probe HTTP
    vserver WEBTRAFFIC
    virtual 10.2.250.100 tcp www
    vlan 250
    serverfarm FARM1 backup FARM2
    persistent rebalance
    inservice
    I also had a go at creating that variable but it wouldn't let me...just said variable not configurable - but I'll play with that and see if I can work it out...I'm not so bothered as long as the backup part works.
    Thanks guys...
    Anthony

  • CSM-BridgeMode redundancy... Help

    I have been looking for a configuration example of CSM redundancy using two 6500 with a single CSM each in bridge mode.
    I already have one CSM working in one of the 6500s, I'm planning to install the second CSM to provide redundancy.
    Let's say that I'm using the following configuration in my working CSM:
    module ContentSwitchingModule 3
    vlan 210 client
    ip address 192.168.223.131 255.255.255.192
    gateway 192.168.223.129
    vlan 323 server
    ip address 192.168.223.131 255.255.255.192
    serverfarm FTPFARM
    nat server
    no nat client
    real 192.168.223.141
    inservice
    real 192.168.223.142
    inservice
    serverfarm HTTPSFARM
    nat server
    no nat client
    real 192.168.223.136
    inservice
    real 192.168.223.137
    inservice
    vserver FTPVIP
    virtual 192.168.223.140 tcp ftp
    serverfarm FTPFARM
    persistent rebalance
    inservice
    vserver HTTPSVIP
    virtual 192.168.223.135 tcp https
    serverfarm HTTPSFARM
    persistent rebalance
    inservice
    vserver HTTPVIP
    virtual 192.168.223.145 tcp www
    serverfarm HTTPSFARM
    persistent rebalance
    inservice
    What would I need to do in order to make it work in redundant mode with the other CSM?

    You will need to add IPs for the CSM peer on current CSM. The current config will
    be something like this (where x1 & x2 are the IP addr of the secondary CSM)
    for e.g.
    module ContentSwitchingModule 3
    vlan 210 client
    ip address 192.168.223.131 255.255.255.192 alt 192.168.223.x1
    gateway 192.168.223.129
    vlan 323 server
    ip address 192.168.223.131 255.255.255.192 alt 192.168.223.x2
    Then you need to configure a FT VLAN on MSFC (both chasis).For E.g if 900 is the FT VLAN then
    your FT config will be some thing like this
    ft group 1 vlan 900
    priority 20 alt 15
    heartbeat-time 1
    failover 3
    preempt
    ON secondary CSM just put these lines and the config will be syncronized
    module ContentSwitchingModule 3
    vlan 210 client
    ip address 192.168.223.x1 255.255.255.192 alt 192.168.223.131
    gateway 192.168.223.129
    vlan 323 server
    ip address 192.168.223.x2 255.255.255.192 alt 192.168.223.131
    ft group 1 vlan 900
    priority 15 alt 20
    heartbeat-time 1
    failover 3
    preempt
    For details
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/redun.html
    Syed

  • Application not working on CSM

    Hi ,
    Could some one explain whats the difference between the using the port and using the Any while configuring VIP on CSM?
    After configuring "Any" keyword under the context the application is not  working.
    (NOTE: If I change it to http it works eg:virtual 192.168.1.1 tcp http/port  number)
    Example:
    vserver usa
    virtual 192.168.1.1 tcp any  :-----If i change this "any" keyword with  tcp  port number it works
      replicate csrp sticky
      replicate csrp connection
      no persistent rebalance
      slb-policy fariha
      inservice
    policy fariha
    sticky-group 4
    serverfarm zain
    sticky 4 cookie zain insert
    The IOS running on the CSM is 2.2(3)
    Any help would be appriciated.
    Thanks
    Fariha

    The "tcp any" will allow connections to that Virtual IP on any TCP port.  If it is
    working using the specific port, it should be working using any.  Keep in mind that the CSM will accept and load balance using "tcp any," b
    ut your server may not be listening on that port and will reset the connection.
    As a best practice, you should define the specific port on the vserver for load balancing.  Using the "any" statement has it's purposes, but for general load blancing define the tcp/udp port number for your application.  This is also more secure.
    Kris

  • Problem with Syncing configuration to our CSM

    Recently we have had problems syncing between our pair of redundant CSM's.
    Here is the behavior we observe when we run the command on one of our 6500.
    ! config 6500-2
    module ContentSwitchingModule 2
    ft group 1 vlan 4
      priority 10 alt 20
    ! config 6500-1
    module ContentSwitchingModule 2
    ft group 1 vlan 4
    6500-2#hw-module csm 2 standby config-sync
    After we run this command on 6500-2 the log shows that the sync happens and the CSM config is deleted on 6500-1 and then nothing happens.
    Here is the exact logout on each of the 6500.
    6500-2(ACTIVE)
    May 28 17:45:11.353 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Active: Bulk sync started
    May 28 17:45:11.369 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Active: Sending configurations to Standby CSM, this may take several minutes!
    May 28 17:45:12.749 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Active: Sending configuration to Standby CSM
    May 28 17:45:14.869 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Active: Sending configuration to Standby CSM
    May 28 17:45:24.345 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Active: Manual bulk sync completed
    May 28 17:45:24.349 est: %CSM_SLB-4-REDUNDANCY_WARN: Module 2 FT warning: Config Sync does not save Standby running-config to startup-config
    6500-1(STANDBY)
    May 28 17:45:17.088 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Standby: Started clearing configuration
    May 28 17:45:17.088 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Standby: Completed clearing configuration
    May 28 17:45:17.096 est: %CSM_SLB-4-REDUNDANCY_WARN: Module 2 FT warning: Standby: Config Sync does not save running-config to startup-config
    May 28 17:45:17.100 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Standby: Previous configuration are being deleted from supervisor
    May 28 17:45:17.104 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Standby: Previous configuration being deleted on Standby CSM
    May 28 17:45:17.104 est: %CSM_SLB-6-REDUNDANCY_INFO: Module 2 FT info: Standby: New configuration are being configured
    As you can see the configuration ends up being deleted from the STANDBY and the new configuration never gets configured to 6500-1(STANDBY).
    We have tried replacing the SUP engine however this did not help.  We will try to replace the CSM next.  If anyone can shed some light on why this would happen I would apreciate it.

    Hi
    pls check for IOS bug CSCtd09117  and CSCsx64648

  • CSM 3.1, problem with adding a new firewall context

    Hi,
    when trying to add and deploy a new firewall context I get this error message " Please create the interface roles on devices".
    Could you please advice me on this issue?
    Thank you,
    Trond

    You probably need to go under the system context and create the interface and also allocate vlans to it in CSM before you configure the context itself.
    I hope it helps.
    PK

  • What is the current way of managing the CSM using a GUI?

    Hi, My customer is using CiscoView device manager 1.1 for the content switching module but it's a nightmare and full of bugs, it's also end of life.
    Does anyone know the current way of monitoring or configuring the Content Switching Module?
    Many Thanks in advance
    Dom

    Hi Dom,
    I believe what you are looking for is called the Cisco Application Networking Manager 3.0.  This is the GUI configuration, management, and monitoring tool for the Application Control Engine (ACE), but also supports the managment of CSS, CSM, CSM-S, and GSS.  See the link for more details.
    Also, it should be noted that both the CSM and CSM-S have recently been announced End-of-Life.  The ACE would be your path after the CSM.  See the link for more details on that too.
    Hope this helps,
    Sean

  • Is there a way to automate IOS IPS signature updates without CSM?

    I have a growing number of 891 routers running IOS IDS/IPS. My Cisco vendor has stated repeatedly that CSM is the only way to manage signature updates to multiple routers, but I'm finding CSM to be incredibly tedious and slow. It also wants to manage a lot more than just the IPS policies and signatures which causes other problems.
    I have about 160 routers deployed now and that will grow to at least 600. I have CSM 3.3.1. I'm told 4.x would make it easier becasue it can be configured to ignore more of the non-IPS bits of the router configs, but the upgrade is a big chunk of money that wouldn't be in the budget until at least 2012.
    Is anybody doing this with an expect script or EEM applets or something else? It seems to me that I could manually upload an update to one router and push the resulting XML files to all the other routers a lot easier and faster than I could "discover" a bunch of routers in CSM (and rediscover them every time we make a CLI change), add the routers to a group, apply updates to a sig policy, lather, rinse, repeat..., not to mention troubleshooting the weird errors and completely wron "warnings" that CSM spews.
                   Thanks in advance!

    From IOS version 15.1(1)T, you can configure the IOS IPS to auto update from cisco.com which would help I believe.
    Here is the configuration guide for your reference:
    http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_ips5_sig_fs_ue_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1138659

  • I need help to format my laptop

    I am Brazilian and do not speak well in inbles, please forgive me first of all. I want to ask for help at all, I'm having trouble formatting my Toshiba laptop I bought with windos 8, I want to downgrade to windows 7. Cant work the DVD system.
    photo:
    Solved!
    Go to Solution.

    Once you change the bios your hard drive will show up to install windows 7, sometimes the bios will need to be updated before the CSM option will appear.
    INSTRUCTIONS:
    First - Burn recovery media before you make any changes! -you may want or need to go back to windows 8 later-
    Second -
    Important Bios changes when changing from Windows 8 to Windows 7:
    Completely shut down laptop (Shut down Windows 8 while pressing the Shift key to completely power off.) then restart computer and hold f2 when the screen goes black and wait for the bios setup utility to launch.
    Select advanced, then system configuration, then boot mode
    UEFI and CSM or legacy  (UEFI for Windows 8 and CSM or legacy for windows 7)
    For windows 7 change to CSM or Legacy mode.
    Third -  Also in bios setup utility select - Security, then Secure Boot, then you have to disable secure boot for windows 7.
     You will need to delete all partitions before installing windows 7 this is done forth step.
    Forth - Insert your windows 7 disc and select custom install, your partitions should show up - click on each one and below you will see advanced drive options, click that and you will have options to format - format each one, then delete each one. You will be left with one raw partition, select to install and windows will do the rest while installing the operating system.
    Fifth - install drivers
    Installation order is important:
    Install chipset driver then video driver before other drivers. Then install Toshiba Value added package before other applications
    Your support page is here - http://support.toshiba.com/support/modelHome?freeText=1200007943
    These windows 7 64 bit drivers may work for Satelite C55-A5105 - http://www.toshiba.eu/innovation/download_drivers_bios.jsp?service=EU&selCategory=2&selFamily=2&selS...
    Post your results!
    S70-ABT2N22 Windows 7 Pro & 8.1Pro, C55-A5180 Windows 8.1****Click on White “Kudos” STAR to say thanks!****

  • CSM load balancing

    I have an interesting problem. I have a VIP with a two server, serverfarm. Originally the VIP and serverfarm were doing load balancing in the switch IOS and the vip was configured with a 27 bit subnet mask. I moved the configuration to our csm mod and removed the subnet mask. The original sticky was set to 120 and I reset the sticky to 30 as part of the move. Now the load balancing is extremely off kilter (200 connections to 7). Any ideas what could be amiss?

    Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it pulls matching information from a disk and sends it to the CSM for forwarding to the client.
    You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the serverfarm mode where you are adding the real server.
    This URl should help me:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide09186a00801760d0.html#xtocid439743

  • Manual for CSM-Q87M-E43 ?

    Where is the Manual for www msi com/product/mb/CSM-Q87M-E43.html ?
    And why is "www msi com" a "not allowed" external link?

    The manual is not offered for public download as it seems. Maybe that's because it is rather a business product than meant for home use. In any case what you want is theoretical possible (even in dual channel) but way not recommended. Mixing different memory is like asking for for problems. In worst case you are ending up with a black screen and a non working system. To ensure stability (especially for corporate use) and prevent sudden errors or loss of data use matched kits of sticks with identical sizes. Best would be a kit of 2*8G (=16GB) if you need more than 8GB.
    If you want to ask MSI for the manual (but which wouldn't help you with your question anyway): >>How to contact MSI.<<

Maybe you are looking for

  • Profile with 2 Exchange accounts - Message received and recalled in one account is notified as recalled even from other account

    When 2 exchange accounts are active on the same profile (e.g. Company A and Company B), and a message is received to one of the two account (e.g. internal mail in Company A), notification of recall is sent even from the second profile (Company B). Th

  • Payment not credited

    Hi there I'm sorry to hear that your payment was not applied to your account. I can help you with that! Can you please send me a private message by Clicking Here and include the following information? Full name Cell number Best time to reach you Than

  • Program / FM to attach documents to a delivery

    Dear All, Do we have a program or a BAPI to upload a documents (PDFs) to a delivery (VL02N). Requirement is, we will have thousands of deliveries, into which we need to upload documents every month. So, the process has to run as a job. Thanks in adva

  • Using iMessage on deactivated 4s

    I upgraded from a 4S to a 5.  I erased and reset the 4s for my daugter to use as an ipod.  I set up an apple ID for her and signed in on the 4s using that ID.  The 4s is backed up on itunes as well.  The wifi imessaging does not work.  What do I need

  • Proxy port number gets formmated with a comma

    When setting up a proxy for a connection the proxy port is formatted using the number formatting for the current locale. This results the port to be formatted as 3,128. Anyone else is experimenting the same? any solutions?