How can ftp service on non-standard port be load balanced using Cisco ACE.

How can ftp service on non-standard port be load balanced using Cisco ACE? For example, ftp service required on tcp 2000 port.

Hi Samarjit,
You can do this by specifying the port number in the class map that you create. Please find the below-mentioned config guide, where you can specify the TCP/UDP port, a range of ports, or even a wildcard to match the port.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
Regards
Abijith

Similar Messages

  • Doing proper NAT to FTP connections on non-standard port

    Router 1712, IOS 12.3
    There is an article from Cisco, "Using Non-Standard FTP Port Numbers with NAT".
    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e76.shtml
    It explains how to enable NATting router to perform proper translation of NAT-sensitive protocols, in this case FTP.
    The article assumes that the FTP server in question is on the inside interface of the router.
    The configuration proposed by the article is as follows:
    interface Ethernet0
    ip address 10.1.1.2 255.255.255.0
    ip nat inside
    interface Serial0
    ip address 192.168.10.1 255.255.255.252
    ip nat outside
    ip nat service list 10 ftp tcp port 2021
    ip nat inside source static 10.1.1.1 20.20.20.1
    access-list 10 permit 10.1.1.1
    In my case, the FTP server in question is on the outside interface. The router is performing source NAT for outbound connections. An example of my config is below:
    interface Ethernet0
    ip address 12.34.56.1 255.255.255.0
    ip nat outside
    interface Vlan324
    ip address 10.1.1.2 255.255.255.0
    ip nat inside
    ip nat service list 10 ftp tcp port 2021
    ip nat inside source static 10.1.1.100 12.34.56.100
    access-list 10 permit 12.34.56.200
    With this configuration, Layer 3 NAT is working. I'm able to establish an FTP control channel and issue FTP commands. However, I think that the IP addresses inside FTP control channel are not translated properly (to 12.34.56.100). Therefore, the FTP data channel is not working.
    I tried to enable the following debug, however didn't see any entries related to FTP control channel translation:
    debug ip nat
    debug ip nat detailed
    debug ip snat
    debug ip snat detailed
    debug ip ftp
    debug ftpserver
    My question is:
    Is the "ip nat service list <acl> ftp tcp <port>" command supposed to work when the FTP server in question is on the outside interface of the translating router ?

    Hi,
    I see that this question was asked quite some time ago but I have come across the same issue, i.e when the server is on the outside interface the ip in the "PORT" command from the client is not translated.
    Did you ever get a fix for it?
    Thanks
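The address that the posts above report as untranslated travels as text inside the FTP control channel, so an FTP-aware NAT has to rewrite the payload as well as the IP header. The sketch below is an added example, not code from the Cisco article or the posters, and it is a simplified model rather than IOS behaviour: the function names, `control_ports` and the sample `PORT` line are constructed, and the addresses come from the configs above.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4 (address) then p1,p2 (port high/low).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_hostport(line):
    """Return (ip, port) carried in a PORT command or a 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_hostport(line, nat_table):
    """Replace an embedded inside-local address with its global address."""
    parsed = parse_hostport(line)
    if parsed is None or parsed[0] not in nat_table:
        return line  # nothing to translate: the line passes through untouched
    ip, port = parsed
    new = "%s,%d,%d" % (nat_table[ip].replace(".", ","), port >> 8, port & 0xFF)
    return _HOSTPORT.sub(new, line, count=1)


def alg_process(server_port, line, nat_table, control_ports):
    """Model assumption: only control connections whose server-side port is
    registered as FTP get payload inspection; all others get header NAT only."""
    if server_port not in control_ports:
        return line
    return rewrite_hostport(line, nat_table)


# Constructed sample: the static mapping from the second config above and a
# client announcing data port 19*256 + 137 = 5001.
NAT = {"10.1.1.100": "12.34.56.100"}
CLIENT_LINE = "PORT 10,1,1,100,19,137"

if __name__ == "__main__":
    print(parse_hostport(CLIENT_LINE))
    print(alg_process(2021, CLIENT_LINE, NAT, {21}))        # port 2021 not registered
    print(alg_process(2021, CLIENT_LINE, NAT, {21, 2021}))  # port 2021 registered
```

Comparing a capture taken on the outside interface against the rewritten line shows directly whether the embedded address was translated.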

  • How can I support a health check, from a load balancer?

    My company has load balancers which use health checks to determine if the end point is available for client traffic. The basic health check is a tcp ping, and will tell you if the device is on the network. The next level of health check is an http request. This request, and the response are static, you can’t create your own version of the request and response. The standard request is this:
         http://host:port/healthcheck/hc.html
    The standard response is this:
         “The server is available”
    I want to use the load balancer as part of my total deployment. The problem is that I am not seeing how to support this health check request and response in the MDEX engine. What I see is this request
         http://host:port/admin?op=ping
    Will return this response
         dgraph <host>: <port> responding at <day month year time>
    It is nice that there is a built in ping, but I am not able to make use of it. I am new to Endeca and still poking around. The dgraph process listens on a port set up in <…>/config/script/AppContext.xml
    <dgraph id="Dgraph1" host-id="MDEXHost" port="3281">
    <properties>
    <property name="restartGroup" value="A" />
    <property name="updateGroup" value="a" />
    </properties>
    <log-dir>./logs/dgraphs/Dgraph1</log-dir>
    <input-dir>./data/dgraphs/Dgraph1/dgraph_input</input-dir>
    <update-dir>./data/dgraphs/Dgraph1/dgraph_input/updates</update-dir>
    </dgraph>
    (I am not using the default port, as I only have an instance on a shared server and have to worry about port clashing. But that is a different thread.)
    In a standard tc Server install I can support this health check by doing this:
    * Create a directory named “healthcheck”, in the “webapps” directory.
    * Place a file named “hc.html” in that directory, which contains “The server is available”
    The one hack which comes to mind is to write a servlet which would be able to be a smart proxy for the load balancer health check. It would pass along any regular traffic to the MDEX engine. But if the request was a health check it would send “admin?op=ping” to the MDEX engine, and for a good response from the engine, create and pass back the correct response to the load balancer.
    Ideas, comments, flames, …
    Thanks

    Hi, we are using following String to test the MDEX ping response but we get the invalid version formation on dgraph.log -
    following is on F5
    GET /admin?op=ping HTTP/1.1/r/nHost:myhost.endeca.com:19000/r/nConnection:close/r/n/r/n
    Following gets logged on Dgraph.log
    WARN 09/05/12 05:30:03.799 UTC (1346823003799) DGRAPH {dgraph} Invalid version format in 'HTTP/1.1/r/nHost:myhost.endeca.com:19000/r/nConnection:close/r/n/r/n'
    Please let me know - if you have any suggestions to solve this issue.
    I know that it works from browser and wget from unix with following commands.
    wget http://myhost.endeca.com:19000/admin?op=ping - from unix command line
    from browser:
    http://myhost.endeca.com:19000/admin?op=ping
    Thanks,
    Ram
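Two points from this thread as an added example (not code from either poster or from Endeca): how a request line is split, which reproduces the version string in the dgraph log line above, and the decision logic of the health-check proxy the first post proposes. The function names, the injected `fetch_ping` callable and the sample ping body are assumptions constructed for the sketch.

```python
import re

LB_PATH = "/healthcheck/hc.html"      # fixed path the load balancer requests
LB_BODY = "The server is available"   # fixed body it expects back
PING_PATH = "/admin?op=ping"          # the dgraph's built-in ping
PING_OK = re.compile(r"^dgraph \S+:\s*\d+ responding at ")


def build_ping_request(host, port):
    """Probe whose lines end in real CR LF bytes (0x0d 0x0a)."""
    lines = ["GET %s HTTP/1.1" % PING_PATH, "Host: %s:%d" % (host, port),
             "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")


def split_request_line(raw):
    """Split as an HTTP parser does: cut at the first CR LF, then on spaces."""
    first = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = first.split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % first)
    return tuple(parts)


def version_is_valid(version):
    return re.fullmatch(r"HTTP/\d\.\d", version) is not None


def answer_health_check(target, fetch_ping):
    """Proxy decision: (status, body) for the health check, None to pass through."""
    if target != LB_PATH:
        return None                   # regular traffic goes to the dgraph unchanged
    try:
        body = fetch_ping()           # hypothetical callable doing GET PING_PATH
    except OSError:
        return 503, "dgraph unreachable"
    if PING_OK.match(body):
        return 200, LB_BODY
    return 503, "unexpected ping response"


# The send string exactly as posted: "/r/n" is four ordinary characters, so the
# request has no line ending and everything after the second space is "version".
AS_POSTED = (b"GET /admin?op=ping HTTP/1.1/r/nHost:myhost.endeca.com:19000"
             b"/r/nConnection:close/r/n/r/n")
# Constructed ping body following the format quoted in the first post.
SAMPLE_PING = "dgraph myhost.endeca.com:19000 responding at Wed Sep  5 05:30:03 2012"

if __name__ == "__main__":
    print(split_request_line(AS_POSTED)[2])
    print(split_request_line(build_ping_request("myhost.endeca.com", 19000)))
    print(answer_health_check(LB_PATH, lambda: SAMPLE_PING))
```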

  • CSS 11501 ftp server setup problem using non-standard port

    Dear Expert,
    We would like to set up an FTP server over CSS where our member server uses non-std ports to open both control/data channels (i.e. 6370 as ctrl and 6369 as data in this case), but it seems we can only get Passive mode FTP to work, not Active mode FTP, for data channel establishment from the server back to the client. Is there any professional advice that can help in this case? Here is our setup info FYI:
    #  sh ver
    Version:               sg0820501 (08.20.5.01)
    Flash (Locked):        08.10.1.06
    Flash (Operational):   08.20.5.01
    Type:                  PRIMARY
    Licensed Cmd Set(s):   Standard Feature Set
                           Secure Management
    CVDM Version:          cvdm-css-1.0_K9
    !*************** Global
    ftp data-channel-timeout 10
      ftp non-standard-ports
    !************************** SERVICE **************************
    service ftp_ftpgtw
      keepalive maxfailure 2
      keepalive frequency 15
      keepalive retryperiod 2
      keepalive type tcp
      ip address 192.168.52.170
      protocol tcp
      keepalive port 6370
      port 6370
      active
    # sh run group drfusegtwftp_grp 
    !*************************** GROUP ***************************
    group gtwftp_grp
      vip address 192.168.52.28
      add service ftp_ftpgtw
      active
      content ftp_gtwpkg-ftpgtw
        add service ftp_ftpgtw
        vip address 192.168.52.28
        port 21
        protocol tcp
        application ftp-control
        active

    Thanks for your confirmation that no problem was found at the config level first :P, as it saves us a lot of time isolating the problem at this level.
    What we can notice is that the data port connection seems to fail to open from the server back to the client. In our general sense, the flow expected should be:
    TCP session A -- Client:1234 --> VIP:21 --> member svr:6370
    TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 6379 [on demand generated between server/client]
    but we can only see session B fail to set up when the client side accesses the VIP site on the CSS. Even when we try the most standard case, as below
    TCP session A -- Client:1234 --> VIP:21 --> member svr:21
    TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 20
    we are still unable to make Active mode FTP access work either, hence we have no idea how the CSS handles FTP access when it involves services over multiple TCP ports.
    And from the CSS xlate view, the problem is that we can only see which NAT IP the CSS uses to connect to the client, but there is no way to confirm which port the VIP uses outgoing to the client, nor whether it is dropped by the CSS or never set up from the VIP to the client side.

  • Is it possible? Double non-standard-port FTP servers on PAT?

    Hello everyone!
    I need to know how to configure 2 FTP servers for the following topology in the picture.
    non standard ports
    I can do translation on 1 ftp server (http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13776-6.html)
    but when I am trying to add second FTP server I get following:
    #ip nat inside source static 192.168.1.129 46.229.139.130
    % similar static entry (192.168.1.236 -> x.x.y.y) already exists
    Thank you.

    Hello Jody.
    That's great! Thank you! Just added a couple of "ip nat service" and now it's working!
    Also, I noticed one thing: the 2 FTP servers are Synology NAS devices, and the FTP servers have been configured slightly differently. Look at the screenshot, with the checked box "Report external ip in PASV mode".
    When the FTP server has the box checked, it doesn't work.
    When the FTP server has the box unchecked, it does work.
    I noticed that difference and fixed it.
    I'm very interested in the reason for that difference.

  • How to use non-standard port for vnc?

    Our Windows users who use RDC to connect to their desktops from off-site come in on a non-standard port number. Part of our security setup.
    I'd like to do the same with Mac users who use screen sharing and vnc to connect remotely.
    How can I specify another port number at both ends to accomplish this?
    I can find nothing in the Network Utility app, or in the KB.
    Surely there's a short sequence of Terminal commands that will do this?

    I haven't tried this so don't know whether it will work. But I think it will. Presuming the target machine is a Mac, see if editing its /etc/services file will do it. Find the two lines that start with "vnc-server" and change the port number there. Launch Terminal.app as an administratively privileged user, sudo pico /etc/services, ^w to search for vnc-server, make the changes, ^x to exit, y to save and overwrite. Also, you will need to have screen sharing enabled in the target machine's System Preferences' Sharing, and the authorized users defined there, too. Reboot. Now, on the remote client, assuming it is also a Mac, the user would type ⌘k in the Finder (or mouse to Finder > Go > Connect to Server), and enter something like vnc://123.45.67.89:55900 where you substitute the actual IP address or host name for where I have entered 123.45.67.89, and where you substitute the actual alternate port number where I have entered 55900. Of course, in the clients' Screen Sharing's Preferences, they should choose to encrypt the entire session, not just the login. Like I said, I haven't tried this because I just tunnel my vnc stuff through ssh, but I'm thinking that this should work.

  • Cisco Secure ACS 5.6 Backup to FTP server listening on non-standard ports

    When defining a software repository from CLI or GUI, I have not been able to define the custom port that our FTP server is listening on.  Does ACS support the use of custom ports for FTP?

    Hi Anthony,
    I don't think it will support non-standard ports, as the options are only Disk, FTP, SFTP, TFTP and NFS.
    Regards,
    Chris

  • Reverse proxing on non-standard ports

    Hi,
    I want to create a new Reverse proxy mapping between an application and a GlassFish instance running on non standard port (not 80 / 443). Creating a mapping for HTTP works fine, but I can't find a way to map both the http and the https ports to the mapping.
    I have an application SecurityTest running on instance
    http://links.mycompany.com:38081/rsd/SecurityTest
    https://links.mycompany.com:38182/rsd/SecurityTest
    I want a mapping for the application
    http://www.mycompany.com/rsd/SecurityTest/ -> http://links.mycompany.com:38081/rsd/SecurityTest
    https://www.mycompany.com/rsd/SecurityTest/ -> https://links.mycompany.com:38182/rsd/SecurityTest
    The application is more or less a hello world servlet that is secure (form login), so it switches from HTTP to HTTPS when not logged in to ask for the username / password. Mapping to the http port works for the public page, but the redirect gives an error:
    Gateway Timeout
    Processing of this request was delegated to a server that is not functioning properly.
    Can anyone tell me how to configure the Web Server to make it work?
    thanks

    Hi,
    I still get the same error:
    [12/Nov/2007:14:34:50] failure (16473) rsdts.mycomp.com: for host i78473.mycomp.com trying to GET http:/lidip/, service-http reports: HTTP7765: error reading response header (Server closed connection)
    And:
    Bad Gateway
    Processing of this request was delegated to a server that is not functioning properly.
    I don't get any logs on the other side...

  • Terminal: Stored Remote Connection with non-standard Port?

    Hi,
    I am new to MacOS and I am amazed by the integrated terminal. However, I sometimes need to connect to servers which use a non-standard SSH port, for example, 2020. I know that I can manually connect, but for convenience, I'd like to have a saved remote connection including the non-standard port. Is this possible somehow?
    Thanks,
    Felicitus

    I did some experimentation, using Terminal.
    Terminal -> New Remote Connection -> Service -> [+]
    now enter your own new service which includes
    /usr/bin/ssh -p 50022
    I found I had to enter a bonjour entry to get it to accept my new service, but once I did, I was able to use that new service with the custom -p 50022 port value.
    Your mileage may vary. I still prefer iTerm.
    Oh yea. In the future, Terminal and Unix oriented questions are better asked in the Mac OS X Technologies > Unix Forum
    <http://discussions.apple.com/forum.jspa?forumID=735>

  • In FireFox 9, loading secure web pages running on non-standard ports works just fine. In FireFox 10, those same pages do not load and a "The connection was reset" message is displayed.

    How can this be fixed so functionality returns as per FF9 and below?
    This occurs on any secured website running on a non-standard port, with FF10.

    < X-Post from https://support.mozilla.org/en-US/questions/917315#answer-315144 >
    I don't think this is restricted to Firefox. I've noted this behaviour with IE9, Firefox 10.0.2, Opera Mobile (on my phone) and Chrome(latest version) with my Linksys E3000 router (I access it from https://<IP>) and my 3ware RAID card management suite, 3DM2 (I access it from https://localhost:888 ).
    Notably, the only thing amiss that I've been able to see in the certificates (I'm no expert) is that the one from Linksys has issue and expiry dates in 1969 and 1970 respectively. However, I don't think this is the cause since 3DM2 has proper looking issue dates and has the identical problem.
    Coincidentally, I noticed this happening after a fresh reinstall of Windows 7 x64 with virtually nothing installed on it (FF, Office 2007), so I don't think it's something wrong with the other software on the machine.

  • Mount smb-share from non-standard port

    Hi everybody!
    I have an SMB-Server running on a non-standard port (>1024) how can I establish a connection from the Finder? I have tried smb://serverip:port/share but unless I did something wrong, it didn't work...
    Any ideas?
    confusion

    try the browse button to see if it comes up.
    you are trying the right syntax i.e one would have thought that would work.
    smb://server:1024

  • Accessing websites running on non-standard ports or with self-signed ssl certs?

    I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
    Anyone else noticed this?

    If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
    That's why it's generally recommended to go the route of using a well-known public CA, as they are already included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
    If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
    In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
    In the second case, the ASA's identity certificate itself would have to be installed on the client since it (the ASA) is essentially acting as its own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

  • How can the symbol and non-English diacritical marking, etc accessed with combinations of letters and functional keys prior to Snow Leopard be achieved in Snow Leopard?

    How can the symbol and non-English diacritical marking/punctuation pallet, available in pre-Snow Leopard OSes with various combinations of letter or number keys and functional keys, be accessed in Snow Leopard?  Those pre-Snow Leopard versions worked on the fly as one was making text in any pedestrian application and its native font (Mail, Text Edit, for example).  One didn't need to dig around in font libraries, change font preferences, etc.

    > One didn't need to dig around in font libraries, change font
    > preferences, etc.
    It hasn't worked like that since the Early Chalcolithic (ie, System 7 or thereabouts).
    You've already got plenty of answers. Briefly (and grossly oversimplified),
    - Mac OS X conforms to a standard known as Unicode; in its current incarnation, it defines over 100k characters.
    - A keypress is translated into a character according to the current keyboard layout.
    - The graphic representation of a character (ie, glyph), is provided by the current font.
    - If a font lacks a glyph for the requested character, either another font will be automatically chosen (Mac OS X text engine), or some form of feedback (empty box, question mark, etc) will be used.
    - To inspect the actual key codes, use a utility such as Key Codes.
    - To inspect the current keyboard layout, invoke Keyboard Viewer.
    - To inspect the full complement of glyphs of a font, invoke Character Viewer (also accessed with the Special Characters command).
    (Remember that both these utilities are resizable and zoomable -- you can enlarge them to a comfortable viewing size, then zoom out to see more of the screen for your original task.)
    - For a more detailed look, use a utility such as UnicodeChecker.
    - The default keyboard layout depends on your Mac OS X localisation.
    (Keep in mind that there's no need to stick with the default layout; choose whichever one makes sense to you, given your language, habits, and proclivities. Mac OS X comes bundled with quite a few, including some obviously designed for the huddled masses of refugees from the Dark Side, who, in their wretched ignorance, have the unmitigated gall of labelling our native ways "really uncomfortable". Oh well, this, too, shall pass.
    If none of the supplied keyboard layouts fits your needs -- if, for instance, you write your emails in Etruscan -- go out on the 'net, you'll find quite a few. Or write your own with Ukulele, it's not really all that difficult.)
    - Use Keyboard Viewer to familiarise yourself with the current layout and to enter the odd character; but, to be proficient, you should learn your layout to the point that KV is no longer needed.
    - Use Character Viewer to enter the odd character not available in the current keyboard layout.
    Neither Keyboard Viewer nor Character Viewer are effective tools for more extensive needs, eg, for writing and editing bilingual or multilingual texts. In such a case, you should enable the respective keyboard layouts and switch between them with a keyboard shortcut.
    A few interesting layouts bundled with Mac OS X have already been mentioned. Let me add three.
    - Dvorak: several layouts based on the Dvorak keyboard. It is claimed that the latter is more productive and lessens RSI risk.
    - US Extended: based on QWERTY, it offers a more extensive set of diacritics (eg, caron, breve) via dead keys.
    - Unicode Hex Input: also based on QWERTY, it allows input by Unicode codepoint (in hexadecimal), so it's the most extensive layout of all; eg, to enter the character "Parenthesized Number Twelve" (U+247F), hold down Option, type "247f", release Option.

  • Running the BO servers on non standard ports XIR2

    Hi all,
    I need to know how to get the bo servers to register with the cms when it is running on a non-standard port. The port I'm using is 6409, so I have tried adding -port 6409 to the command line string, but that didn't work.
    I'm running two instances of BO on the box, hence the need for non-standard ports.
    Any thoughts?
    TIA,
    Jeff

    -port switch is the correct way to accomplish this.
    So your CMS will have -port 6409, the rest of the servers will have -ns cmsname:6409 in their command line.
    You might want to look at adding -requestport switches as well....
    Please review Admin guide for more details on usage of those switches.

  • Cannot setup work email using SSL on non standard port

    All,
      I've been trying now for a few hours to setup a corporate email account.  I've tried via the curve and via the bb internet service but in both cases since the service cannot detect the settings since a non standard port is in use I cannot use the the service and am considering returning the device to go with another easier to use device.  I love the hardware design but if I cannot setup my corporate email this is no good to me.  I'd appreciate any tips anyone has.
    Thanks,
      Frustrated.

    Is your corporate email account an Exchange server, or what?
    You are on a personal BIS plan?