How to buy Cisco (ACE-UPG2-LIC=) 8Gbit to 16Gbit?
The Cisco (ACE-UPG2-LIC=) product is an upgrade from 8Gbit to 16Gbit throughput. How does a customer get this license? It is for the Cisco ACE 20 or ACE 30 Modules, which I believe are End of Sale, but still supported.
Any help would be appreciated..
Thanks,
RO
You cannot buy the license. Neither Cisco nor any authorized reseller will sell it as the product is no longer for sale (as of 24 January 2014). Reference.
You need to either make do with the ACE you have or migrate to a different ADC platform (like the Citrix Netscaler, F5 BigIP, A10 Networks appliances, etc.).
Similar Messages
-
How can ftp service on non-standard port be load balanced using Cisco ACE.
How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port
Hi Samarjit,
you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
Regards
Abijith -
How Cisco ACE open connections to rservers?
Hi
How Cisco ACE decides that a new connection must be open to an rserver? I observed a spike of connections to 10x normal and want to understand what makes ACE open more connections to the rservers (besides more traffic coming in).
As a follow up, is there a way I can check if sessions are getting replicated across rservers? I am using 'persistence rebalance' strict along with ‘cookie-insert’ for session stickiness.
I am on a ACE20-MOD-K9 using system A2 (3.5)
Regards,
ManuelI do not know the answer to the connection question but I may be able to help on the session question.
Now, if you are referring to session replciation between two ACE modules? If so, you can do 'sho sticky database detail' and you will see two lines at the bottom of each entry for
created-from-HA-peer: FALSE
HA-replicated-at-least-once: TRUE
Now if you wanting to see if sticky sessions are divided evenly between the rservers, I often use
sh sticky database group | inc | count
and then run that for both real servers and will show how many sticky entries are on each real server. -
How can I get ACE demo license in cisco?
Hi everyone,
I would like to get ACE demo license..
minimum 50VC and 16G bandwidth to demo on my customer site.
But I can't find the demo license in cisco
Now I use the cisco ACE demo, I can't open service request to get license , due to demo device,
Thank youHI,
To get the ACE demo licenses, contact your Cisco account representative.
As per my knowledge there is no link where you can download the demo license. Or the other way is to contact the cisco licensing team providing your device data.
Regards,
Inayath. -
How to monitor memory on Cisco ACE Appliance 4710?
I'm trying to monitor the memory usage in balancers Cisco ACE Appliance 4710 with version A3 (2.2), but the OIDs cpmCPUMemoryUsed (.1.3.6.1.4.1.9.9.109.1.1.1.1.12) and cpmCPUMemoryFree (.1.3.6.1.4.1.9.9. 109.1.1.1.1.13) not work.
What the right OID to monitor memory usage in balancers Cisco ACE 4710 Appliance?HI,
You need to use CISCO-ENHANCED-SLB-MIB .
cpmProcExtMemAllocatedRev .1.3.6.1.4.1.9.9.109.1.2.3.1.1 (this gives the memory allocated to each process)
You can also read up on the mib
Hope this helps
Venky -
How to test a cisco ACE loadbalancer.
Hello guys, I am new on this site. I have deployed a Cisco ACE 4710 loadbalancer, and it is loadbalancing 2 real servers. Is there any way or commands I can use to see if it is loadbalancing properly.
"show serverfarm" will show you the load-balanced connections to each real. Also try "show service-policy <> class-map <> detailed" and check client and server hits counts.
"show connection" also. -
Urgent!!! Cisco ACE and asymetric routing assistance needed
I am wondering if someone can give me pointers on the cisco ACE
and asymetric routes. I've attached the diagram:
-Cisco IOS IP address is 192.168.15.4/24 and 4.1.1.4/24
-Firewall External interface is 192.168.15.1/24,
-Firewall Internal interface is 192.168.192.1/24,
-F5_BigIP External interface is 192.168.192.4/24,
-F5_BigIP Internal interface is 192.168.196.1/24 and 192.168.197.1/24,
-host_y has IP addresses of 192.168.196.10/24 and 192.168.197.10/24,
-Checkpoint has static route for 192.168.196.0/24 and 192.168.197.0/24
pointing to the F5_BigIP,
-host_y is dual-home to both VLAN_A and VLAN_B with the default
gateway on host_y pointing to VLAN_A which is 192.168.196.1,
-host_x CAN ssh/telnet/http/https to both of host_y IP addresses
of 192.168.196.10 and 192.168.197.10.
In other words, from host_x, when I try to connect to host_y
via IP address of 192.168.197.10, the traffics will go through VLAN_B
but the return traffics will go through VLAN_A. Everything
is working perfectly for me so far.
Now customer just replaces the F5_BigIP with Cisco ACE. Now,
I could not get it to work with Asymetric route with Cisco ACE. In
other words, from host_x, I can no longer ssh or telnet to host_y
via IP address of 192.168.197.10.
Anyone knows how to get asymetric route to work on Cisco ACE?
Thanks in advance.That won't work because ACE uses the vlan id to distinguish between flows.
So when the response comes back on a different vlan, ACE can't find the flow it belongs to and it drops it.
Even if we could force it to accept the packet, ACE would then try to create a new flow for this packet and it will collide with the flow already existing on the frontend.
You would need to force your host to respond on the same vlan the traffic came in.
This could be done with client nat on ACE using different nat pool.
Gilles. -
How to buy license? for AIP-SSM-10 ?
Hi all
how to buy license? for AIP-SSM-10 ?
1. CON-SU1-AS1A1PK9 this is Cisco SMARTnet Support for AIP-SSM-10
2. do I need smartnet for ASA ?
3. what is part number of license ?
ASA5510test# session 1
Opening command session with slot 1.
Connected to slot 1. Escape character sequence is 'CTRL-^X'.
login: cisco
Password:
***NOTICE***
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
***LICENSE NOTICE***
There is no license key installed on the SSM-IPS10.
The system will continue to operate with the currently installed
signature set. A valid license must be obtained in order to apply
signature updates. Please go to http://www.cisco.com/go/license
to obtain a new license or install a license.
sensor#
sensor# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 6.0(6)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S399.0 2009-05-06
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-10
Serial Number: ........
No license present
Sensor up-time is 21 min.
Using 655507456 out of 1032499200 bytes of available memory (63% usage)
application-data is using 39.7M out of 166.8M bytes of available disk space (25%
usage)
boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
MainApp N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01
:15:08-0500 Running
AnalysisEngine N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01
:15:08-0500 Running
CLI N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01
:15:08-0500
Upgrade History:
IPS-K9-6.0-6-E3 17:48:06 UTC Wed Jul 15 2009
Recovery Partition Version 1.1 - 6.0(6)E3
sensor#Hi,
CON-SU1-AS2A10K9 contract if for ASA+IPS bundle. If AIP-SSM-10 ws purchased as a spare the contract would be CON-SU1-ASIP10K9.
I am not sure whether or not this Cisco Service for IPS contract can be used to cover just the AIP-SSM-10 if it was purchased as part of a Bundle instead of a Spare.
I would recommend that you check with your Cisco reseller or Cisco Sales Representative.
Sourav -
Monitoring the Cisco ACE module with SNMP
We use 2 redundant Cisco ACE loadbalancer in our datacenter
The models are ACE20-MOD-K9 with software A2(2.0)
Does anybod know how to monitor the environment (cpu, memory) of such a module with snmp?
We were not able to find an applicable MIB for that module.
The CISCO-PROCESS-MIB.oid (ftp://ftp.cisco.com/pub/mibs/oid/CISCO-PROCESS-MIB.oid) seems not to reflect the correct oid's.
What are the correct oid's for cpu and memory?
Where can I find a detailed documentation for snmp-monitoring the cisco ace module?
thanksHi Patrik,
to monitor the ACE I use these two MIB's:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
Example for CPU:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
cpmCPUTotalEntry 1.3.6.1.4.1.9.9.109.1.1.1.1
The resource usage and other interesting things you will find with a MIB browser.
Achim -
Cisco ACE compatiblity with F5 GTM
Hi,
We have cisco ace 30 modules installed in cisco 6500 switches. For application availability purpose from the internet, we need to have some global site selector/3rd party devices with similar feature set that of cisco gss.
My question is: whether cisco ace is compatible to ge tintegrated with other 3rd party devices like F5 GTM?
kindly sugegst..Good afternoon,
I'm not familiar with the GTM solution, but, as long as it's DNS-based like the GSS, it should be perfectly compatible. Bear in mind that the ACE is not aware on how clients are getting the IP address, it just replies to whatever connections it gets.
Regards
Daniel -
Is there anyone who has an custom parser for Cisco ACE ?.
Can't understand why it isn't included by default as supported device in Cisco MARS.Hi.
I'm trying to make an custom parser for ACE logs.
And it works fine except denied icmp traffic, The problem is the event-id is the same in ACE (%ACE-4-106023).
The parser check for protocol type and src ip,src port and so on. Icmp however is logged without src port (pretty obvius) but the parser breaks if it dosn't get an src port.
%ACE-4-106023: Deny icmp src vlanx:x.x.x.x dst undetermined:y.y.y.y (type 11, code 0) by access-group "access-list" [0x20c017d8, 0x0]
%ACE-4-106023: Deny udp src vlanx:x.x.x.x/6155 dst undetermined:y.y.y.y/6155 by access-group "access-list" [0xffffffff, 0x0]
So what i am missing in my parser is an "IF proto=ICMP don't match src&dst ports".
Any ideas how i can make this work. -
Hello Friends,
Need ur help on cisco ACE SSL termination.
If i import the certificate and key (.PEM), where this files will be saved ?
can we able to download the .PEM file any time as we need(back-up)?
suppose if my .PEM is got hacked, hacker is sniffing the data packet which going through the web server, can it be possiable to deencrypt the packet and see the exact packet ?
Regards,
NarenNaren,
1. In order to import certs and keys, please see the following link to the command reference. To summarize, any time you import/export/delete keys/certs, you are doing so via commands in exec mode. Regarding how and where the ACE actually saves this information, I do not know this answer.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/execmds.html#wp1616651
2. You can import a key as non-exportable if you do not want it to be able to be exported. If you import it as exportable, you can always export it later for backups or what not.
3. You can decrypt captured HTTPS traffic if you have the private key. It is important to limit access to it. Please see this link for more info on using Wireshark to view decrypted HTTPS traffic: http://wiki.wireshark.org/SSL
Hope this helps!
Regards,
Matt -
Can Cisco ACE be added to CSMARS.
MARS version is 5.3.2If a device not supported by MARS can send syslog in clear text format, then it can be parsed by MARS using a custom parser.
The customer parser allows you to define new devices and applications in order that they can report to MARS.
The reason why you need the syslog servers to work with MARS is that the more devices you can have reporting to MARS the greater the accuracy of the analysis it provides.
In a nutshell this is how MARS works (with a tip of the cap to Dale Tesch):
The logging data from devices is used in parallel by MARS with the information gleaned from querying network device routing tables, configurations, ARP tables, CAM tables, system probes, and other processes to determine the topology of the network and the location of devices.
After log data is collected and the alert information is analyzed, it is cross-referenced with this topology information to determine its validity and to calculate attack paths.
MARS was built to enhance the common data provided by syslog and SNMP. Once the data from multiple devies is summarized it can be used both as an early warning alert system and as a forensics tool to analyze successful attacks.
Hope this helps.
Paul -
Cisco ACE Appliance Redundant configuration
How cisco ACE appliance changes its Ip address and MAC address after failover???
Hi Birendra,
Could you please elaborate more on your question?
FT mac's depend upon FT group that you have configured and they remain same. They will not change after failover.
Here's a document at the link which explains in details about different MAC addresses in ACE:
https://supportforums.cisco.com/docs/DOC-8723
Let me know if you have any questions.
Regards,
Kanwal -
ACE: which features are enabled by - ACE-SEC-LIC-K9
Our latest ACE Pair is missing the  ACE-SEC-LIC-K9 license.
Inquiry at our Distributor and Cisco resulted in the fact that this license is EOL/EOS.
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/end_of_life_notice_c51-480367.html
Since i have that license installed in 4 other Datacenter Pairs running A2(1.3)i am not sure which feature will be missing now.
Or is that license a relict which actually does not activate any feature?
Anyone a clue or a doc which explains the features behind this license?
Thanks for reading
RobleHi,
Kindly refer the URL:
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/end_of_life_notice_c51-480367.html
Customers of the Cisco ACE Application Control Engine are encouraged to migrate to Software Version ACE A2(1)
Sachinga
Maybe you are looking for
-
How can I make the Airport work?
-
Resize Gallery Album Placeholders in iWeb?
The Web Gallery album placeholders in iWeb are too big to fit on my Web site so I need to resize them but they always seem to remain the same size no mater what I do. Can anyone help me with this?
-
Language Translation in SAP ERP 6 (ECC6.0)
Dear Experts, We are doing an implementation and rollout of SAP ERP 6 (ECC 6.0) and Enterprise Portal 7 (EP7) for over 18 to 20 countries for one of the client. Since local language is to be proivded to few countries, employee master data will be upl
-
GB01 actvt and sender bussiness area not posted to document
Hi all, I am using GB01 transaction to create a document . Even though the activity type and sender business area has been entered and even though it appears in document overview , once the document is saved and a document is created, when i view it
-
Mac-formatted ipod software updated under windows - all files vanished
Hi. I just accidentally upadted my iPod Software under windows, but I have a Mac-formatted iPod. Now I can't find any of my files anymore., even though the ipod is still filled with 27 GB of data. Is there any way to reverse this and get my files bac