New ASA5512- 5515: content filter and WAN load balancing

Similar Messages

• I have used Photoshop 5.5 for many years and it is all I need and more.  I just bought a new HP Win 7 computer and tried loading my old CD.  I won'f work because meant for 16-bit computers.  Can I buy a 64-bit version of Photoshop 5.5?

  I have used Photoshop 5.5 for years and it is all I need and more.  I bought a new PC with Win 7 and tried loading my Photoshop 5.5 CD.  It won't work because it is 16-bit, the new computer is 64-bit.  Can I buy a 64-bit version of Photoshop 5.5?

  Hi,
  You actually tried to install photoshop 5.5 and got the message about it being 16 bit?
  (usually it's only the installer that is 16 bit and the actual program is 32 bit)
  Photoshop 5.5 should work on windows 7 x64 if you don't have more than 1 TB of free space on your hard drive.
  Your sure it's photoshop 5.5 and not an earlier photoshop version.
  You might try copying the folder that says photoshop off the cd onto your hard drive and then running the Setup.exe
  Anyway, check how much free space your hard drive has and if it's more than 1 TB, then no use trying to use photoshop 5.5 because it won't work.
  (photoshop versions before photoshop cs can't see free space on hard drives if it's more than 1 TB and would give a scratch disk full message if you try to run them)

• H-REAP and Client Load-Balancing

  I'm told by Cisco that H-REAP does not support client load-balancing.
  We have a situation where we want to deploy LWAPPs using H-REAP into a conference room where training would take place.
  Any suggestions on how to overcome the inevitable slowness these people are going to experience from being unevenly associated with the APs?
  We can't re-write the application so we are looking for a wireless solution.
  Anyone hear about how other organizations have dealt with this type of situation?
  I'll be glad to supply more details if I am not being clear in my description of the problem.
  Thanks in advance. All responses will be rated.
  Paul

  This is the functionality which is missing in H-REAP: Client and Network Load Balancing
  "Radio Resource Management (RRM) load-balances new clients across grouped lightweight access points reporting to each controller. This function is particularly important when many clients converge in one spot (such as a conference room or auditorium) because RRM can automatically force some subscribers to associate with nearby access points, allowing higher throughput for all clients. The controller provides a centralized view of client loads on all access points. This information can be used to influence where new clients attach to the network or to direct existing clients to new access points to improve wireless LAN performance. The result is an even distribution of capacity across an entire wireless network.
  Note: Client load balancing works only for a single controller. It is not operate in a multi-controller environment."
  I suppose if we limit the number of users that can associate with a particular AP then we will achieve some client load-balancing. Though a hard limit on the number of end-users will also lead to situations where some end users will not be allowed any access.

• WAN load balancing

  Hello
   I have the following issue with a Cisco 2811 router. I have two WAN connection ( fiber and ADSL ) and I want to make WAN load balancing
  so I add two route : 0.0.0.0 0.0.0.0 dialer1 and 0.0.0.0 0.0.0.0 fa1 the problem is with fiber connection (fa1) in this configuration I can't ping WAN 
  from outside or use NAT on this connection. If I change default route's like this it's working but is not WAN load balancing : 0.0.0.0 0.0.0.0 dialer 150
  0.0.0.0 0.0.0.0 fa1. Any idea.

  Hi Richard
  I come back with more details:
  First I try to setup router with WAN failover like this:
  route-map SDM_RMAP_1 permit 1
   match ip address 101
   match interface FastEthernet0/0
  route-map SDM_RMAP_2 permit 1
   match ip address 102
   match interface Dialer1
  access-list 101 permit ip 10.0.0.0 0.255.255.255 any
  access-list 101 permit ip 172.26.60.0 0.0.0.255 any
  access-list 102 permit ip 10.0.0.0 0.255.255.255 any
  dialer-list 102 protocol ip permit
  ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
  ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
  ip nat inside source static tcp 10.0.0.1 25 x.x.x.x 25 route-map SDM_RMAP_1 extendable
  ip route 0.0.0.0 0.0.0.0 x.x.x.x 150
  ip route 0.0.0.0 0.0.0.0 y.y.y.y track 1 
  interface FastEthernet0/0
   ip address x.x.x.x 
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
   no cdp enable
   crypto map SDM_CMAP_1
  interface FastEthernet0/1
   no ip address
   ip mtu 1492
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
   pppoe enable group global
   pppoe-client dial-pool-number 1
  interface Dialer1
   ip address negotiated
   ip mtu 1492
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname ...............
   ppp chap password 7 010109085702121F33434A0014524343
   ppp pap sent-username .......... password 7 0614002D40471D091718160201537E7A
   no cdp enable
   crypto map SDM_CMAP_1
  track timer interface 5
  track 1 ip sla 1 reachability
   delay down 15 up 10
  ip sla 1
   icmp-echo a.b.c.d source-interface y.y.y.y
   timeout 5000
   threshold 40
   frequency 6000
  ip sla schedule 1 life forever start-time now
  And I want to achive the following results:
  All computers from LAN use for internet connection y.y.y.y and if this failed use x.x.x.x and when come back y.y.y.y use this connection.
  And I have one server with few services ( DNS, WWW, MAIL...)  which must use just x.x.x.x connection if this failed dosen't matter if this services not working.
  But with this configuration one thing not working i can't access from outside Mail server , DNS, WWW  with x.x.x.x connection ( IP ) if I change default route like :
  ip route 0.0.0.0 0.0.0.0 x.x.x.x  track 1
  ip route 0.0.0.0 0.0.0.0 y.y.y.y  150
  it's working

• NW04 Portal and Cisco Load balancer

  Hi everybody,
  does anyone have a similar landscape as I have?
  Reverse Proxy - Cisco Content Switch Module for Load Balancing - two NW04 Portal Servers.
  How did you configure the stickyness / Load balancing mechanism on the load balancer in order to get it running?
  Cheers
  Jochen

  Hi,
  Web AS Java issues a cookie called saplb.
  You can check its value by connecting to the portal and then launching the command
  "javascript:alert(document.cookie)"
  within the browser. You will get a cookie value like
  saplb_*=(J2EE6202500)6202551          
  The value in brackets determines the Instance; the second number equals the actual ClusterID (can also be found in the VisualAdmin. Usually 50 indicates the 1st server node, 51 the second one etc.
  The saplb_*-cookie can be checked by the cisco see Cisco-Link above. Just configure the Cisco to be sticky on the  instance number (value in the first brackets, in the example 6202500).
  Several Customers do it like this, and actually the SAP Webdispatcher is also using this cookie to determine the instance to distribute the request to.
  Good luck Bernhard

• ASA and vpn load balancing

  Hi,
  I am configuring 2 ASA5540 for internet trafic inside to outside ,
  outside to inside (web,smtp) but also vpn load balancing for client to site , site to site and webvpn.
  In the doc I can configure them for internet trafic as Active/Standby or Active/active.
  for vpn : I can use vpn load balancing
  But no information if I want to use the active/passif and vpn load balancing together.
  Any thoughts on which way to go? what is the best thing to do ?
  Regards

  Hi,
  I think that you cannot use an Active/Active configuration for VPN connections as it is stated on Cisco's documentation: "Note: VPN failover is not supported on units that run in multiple context mode as VPN is not supported in multiple context. VPN failover is available only for Active/Standby Failover configurations in single context configurations" available at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml
  Hope it helps

• SRP541W WAN Load Balancing and NAT

  Hello All,
  New to the forums. Thanks for taking the time to read my post. I recently switched my office over from a RV042 to SRP541W. We have 2 DSL lines and have used the Load Balance feature on the RV42 to make the best of the connecton speeds. When setting up the SRP541W when i select load balancing it tells me NAT should be disabled. Why is that? I see a place to input static routes but Im not entirly sure what needs to be done here to set this up correctly. Any input would be appriciated. Also right off the bat we had some issues with access to Google Docs and Mail. I think its becuase those sites dont like seeing access from multiple IPs (fromt the Dual WAN) so I set up a entry in Policy Routing directing all traffic from port 443 to go through one WAN, is this the right way to do this?
  Thanks!
  Mike-

  Dear Mike,
  Thank you and welcome to the Small Business Support Community.
  It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
  The Policy Routing setting you setup is exactly what I would do in your case.
  I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• WAN Load-Balancing and multi VLAN design

  Hello,
  I need some help to define the design of a specifi LAN-WAN network.
  1) There are 2 independant WAN entries (they have their own ISP-managed router)
  2) I need to load-balanced the requests over the 2 WAN
  3) If possible, the load-balancer must be redundant (GLBP ?)
  4) On the LAN itself, there must be 15 different VLAN
  5) We also need a DHCP solution (also redundant if possible) to provide IP to these VLAN, with unique gateway (the load-balancer)
  What do I need to implement this configuration ?
  And is it possible to configure with as much GUI as possible ?
  Thanks in advance for your help.

  Dear Mike,
  Thank you and welcome to the Small Business Support Community.
  It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
  The Policy Routing setting you setup is exactly what I would do in your case.
  I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• Web content filter and shockwave

  Hi! I am using in my organization Squid proxy with DansGuardian as web content filter. The problem that i'm facing is that when i visit a site that uses shockwave,i get the messagethat " the Xtra package failed to initialize.. ". This problem is brought up by using DansGuardian, because when i use squid everything works fine.
  With the previous version of shockwave i had added as exceptions in url and site lists the following paths and everything worked fine:
  adobe.com
  download.macromedia.com/pub/shockwave/cabs/director/sw.cab#version=8,5,0
  download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  get.adobe.com/shockwave/

  Try Settings > Wifi > your checked network > HTTP Proxy: Off

• CSS and Oracle Load Balancing

  Hi,
  I have CSS in single arm deployment model. I have multiple servers load balancing on this CSS on port 80 etc. Today I am trying to load balance one Oracle server but I am facing problem with it.
  Real servers are accessible on port 80 without any problem but when we are trying to access the same servers on VIP we are not able to see the web page.
  real server http://192.168.17.12/irs.htm
  real server http://192.168.17.14/irs.htm
  real server http://192.168.10.37/irs.htm
  VIP
  http://192.168.200.58/irs.htm
  Below is the configuration. I can do the telnet on port 80 and I can ping the VIP IP address.
  I will only put 192.168.200.58 in browser I can see the oracle page but with the full URL i am not able to see it.
  Though I have other oracle servers which I have load balance with the same configuration and I can access the web page.
  ==========================================================================================
  http://tptest.enoc.com/forms/frmservlet?config=tp  (This is working fine).
  ========================================================================
  http://irs.enoc.com/irs.htm  (This is not working).
  By name and by IP address both are not working.
  http://192.168.200.58/irs.htm  (This is not working).
  =============================================================================
  service IRC_1
    ip address 192.168.17.12
    keepalive type tcp
    keepalive port 80
    active
  service IRC_2
    ip address 192.168.17.14
    keepalive type tcp
    keepalive port 80
  service IRC_DR
    ip address 192.168.10.37
    keepalive type tcp
    keepalive port 80
  content ENOC_IRC
      add service IRC_1
      add service IRC_2
      add service IRC_DR
      vip address 192.168.200.58
      protocol tcp
      port 80
      advanced-balance sticky-srcip
      active
  owner ENOC_GIT
  content ENOC_IRC
      add service IRC_1
      add service IRC_2
      add service IRC_DR
      vip address 192.168.200.58
      protocol tcp
      port 80
      advanced-balance sticky-srcip
      active
  group ENOC_IRC
    add destination service IRC_1
    add destination service IRC_2
    add destination service IRC_DR
    vip address 192.168.200.58
    active
  ===================================================================================================
  ENOCDC-CSS01(config)# show service summary
  Service Name                     State     Conn  Weight  Avg   State
                                                           Load  Transitions
  IRC_1                            Alive         0      1     2            0
  IRC_2                            Suspended     0      1   255            1
  IRC_DR                           Suspended     0      1   255            1
  ENOCDC-CSS01(config)# show summary
  Global Bypass Counters:
     No Rule Bypass Count:     0
     Acl Bypass Count:         0
  Owner            Content Rules    State     Services         Service Hits
  ENOC_GIT        
                ENOC_IRC         Active    IRC_1            103
                                              IRC_2            10
                                              IRC_DR           7
  =======================================================================================================
  Same setting I am doing for other servers and working fine only for these servers I am facing problem. Curently only one server is active in the configuration.
  Kindly let me know what I am missing and how to fix the problem.
  I have also attached the full configuration of CSS.

  Hi,
  My point of concern is that I did the same for Oracle server and this is working fine
  http://192.168.200.95/forms/frmservlet?config=tp
  only when I am doing the load balancing for
  http://irs.enoc.com/irs.htm  (This is not working).
  By name and by IP address both are not working.
  http://192.168.200.58/irs.htm  (This is not working).
  I dont have a option for TAC case is there a a way to fix the problem by apply other load balancing method. Is there something to do with the Circut VLAN. I didnt create the Circut VLAN 17 where this server is located.
  I am doing almost 8 differenceservers load balancing in this CSS.
  your expert opinion will definately help me.

• Lync 2010 and ACE load balancing

  Hi there,
  Has anyone deployed [or will be deploying] Lync 2010 utilising the ACE as a hardware load balancer. The ACE is not {yet] on the Microsoft list of supported devices for this product, but I am told this because of lack of documentation from Cisco.
  The consensus from a few colleagues is that it should work as it did for OCS, which we have already deployed, so assuming that the set up and operation is similar, there shouldn't be much difference in the configurations.
  regards,
  Glenne.

  Hey Glenne,
  It seems you got that working already but I wanted to share this simple sample:
  parameter-map type http PARAMETER
    set header-maxparse-length 65535
    set content-maxparse-length 65535
  ============================================
  interface vlan 112
    ip address 10.198.16.71 255.255.255.192
    alias 10.198.16.124 255.255.255.192
    peer ip address 10.198.16.72 255.255.255.192
    mac-sticky enable
    access-group input anyone
    nat-pool 25 10.198.16.125 10.198.16.125 netmask 255.255.255.0 pat
    service-policy input ANS-MGT
    service-policy input VIPS
    no shutdown
  ============================================
  policy-map multi-match VIPS
    class LYNC_VIP
      loadbalance policy  LYNC_POLICY
      ssl-proxy server SSL_LYNC_TERMINATION
      loadbalance vip icmp-reply active
      nat dynamic 25 vlan 112
      appl-parameter http advanced-options  PARAMETER
  ============================================
  class-map match-all LYNC_VIP
    2 match virtual-address 10.198.16.125 tcp eq https
  ============================================
  ssl-proxy service SSL_LYNC_TERMINATION
    key tac-key
    cert tac-cert
    chaingroup tac-chaingroup
  ============================================
  policy-map type loadbalance first-match LYNC_POLICY
    class class-default
      sticky-serverfarm LYNC_COOKIE
  ============================================
  sticky http-cookie ACE_COOKIE LYNC_COOKIE
    timeout 30
    replicate sticky
    serverfarm LYNC_FARM
  ============================================
  serverfarm host LYNC_FARM
    rserver LYNC_SERVER1 80
      inservice
    rserver LYNC_SERVER2 80
      inservice
  ============================================
  rserver host LYNC_SERVER1
  ip address 10.198.16.93
  inservice
  rserver host LYNC_SERVER2
  ip address 10.198.16.113
  inservice
  ===========================================
  Jorge

• Cisco RV042 - Dual Wan Load Balancing - Secure Site (HTTPS) Trouble

  PID VID :
  RV042 V03
  Firmware Version :
  v4.0.0.07-tm (Aug 19 2010 19:19:50)
  Ever since I setup my RV042 with load balancing using the Dual Wan system I have had trouble staying connected to some secure sites. After doing some searching I found that the potential issue is the IP change mid session.
  "http://www.broadbandreports.com/forum/r25537589-Cisco-RV042-can-not-use-load-balancing-for-some-web-sites"
  Although my interface is significantly different I was able to find the same area in my RV042 admin area however, it doesn't seem to work.
  System Management
  > Dual Wan
  In Wan 1 & Wan 2 I have HTTPS and HTTPS Secondary all forwarded to use Wan 2 under Protocol Binding
  This however has not managed to do anything at all for my network and every computer conneceted experiences the same HTTPS irregularities at some websites.
  I'm sure I must be doing something wrong, but I don't know what it is.
  Both incoming connections are from the same service provider although the plans are different.
  Any help with this would greatly help me stop losing my mind trying to fight with my website control panel for 10 minutes to just login and get something done.
  Thanks

  Any ideas or advice from anyone?

• HTTP type connectivity between XI and R3 - load balancing options ?

  Hi
     We have a http type connectivity setup between XI and R3 in order enable XI to communicate with R3 using ABAP proxies. We did this by creating a RFC destination on the ABAP stack of XI of type 'H' ( http connection between R3 systems ). Now, while setting up this rfc destination, there is no option to specify a message server on R3 - we just see a target server field that can be filled in.
  In an rfc destination of type 3 - on the XI box ( which is used for a XI --> R3 idoc adapter ) , I  can see an option for specifying message server.
  Does this mean that using type 'H' connectivity between XI and R3 does not give us an option of hitting the load balancing - message server on R3 and thus cannot use the load balancing setup on R3 ? Is this is a limitation of type 'H' connectivity between XI and R3 ?

  for HTTP load balancing the options seems to be somewhat different....check if these threads provide you any help:
  http://help.sap.com/saphelp_nw04s/helpdata/en/ae/9bfc3f9ec4e669e10000000a155106/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/79/a1ce9569444647956b0ec1cf443c4d/content.htm
  http://help.sap.com/saphelp_nw70/helpdata/en/43/39c7b227b91bcbe10000000a1553f7/content.htm
  Regards,
  Abhishek.

• RV320 - Dual WAN - Load Balance Problem

  Hi all,
  I've just bought a RV320 Dual WAN router an try to get it running. My network setup looks lice the picture attached.
  I have 2 WAN Connections:
  - Router 1 (16Mbit Down / 512kbit up) - no public WAN IP
  - Router 2 (3 Mbit Down / 512kbit up) - Fixed public IP
  Router 1 ist connected to WAN1 and router 2 to WAN2 port on the RV320.
  I have enabled load balancing mode.
  Qustions:
  1.
  I want WAN1 to be the primary line to be used until capacity reached.
  Currently for some reason I don't understand the cisco always uses WAN2.
  That's not good as all browsing and downloading is limited to 3mbit.
  When I switch to "fail-over" mode and set primry live to WAN1 that works, but WAN2 is not kept alive.
  2.
  I am using VOIP and need to route all VOIP traffic to WAN2 interface.
  The best would be to tell the router IP 192.168.177.9 (voip phone) should use WAN2. So far I didn't figure out how to do that.
  Can I put VOIP into one VLAN group and allocated VLAN to one specific WAN interface?
  Brgds

  So, you can hear the phone ringing and answer it? which means that SIP pakets are coming through WAN to LAN and well redirected to the phone IP, but you cannot hear after that, which means that there could be a problem with the RTP packets. 
  If you have problem only with the incoming calls and not the outgoing, than try enable/disable SIP ALG (Firewall). If that doesn't fix the issue, try to allow (or even forward) from WAN to LAN RDP -  UDP ports 16384-32767 to the phone IP.
  Regards,
  Kremena

• CSS on multiple subnets and separate load balancing

  Hello,
  I've a situation where I need to load balance incoming clients on subnet A to 3 real servers on subnet B - no problems there.
  But I also need to load balance different clients on subnet C to 3 other servers on subnet D and clients on subnet E to 2 servers on subnet F.
  Basically I want to use the CSS for 3 different load balancing operations.
  Rather than using 3 separate CSS11503s can I do all this with multiple VLANs on the LAN switches and 1 CSS?
  Any help appreciated
  Regards Tony

  you can have as many vlan as you want.
  So yes you can do what you want.
  Just be aware that the CSS can route as well between those vlans, so if you separation between them you may have to use ACL.
  Gilles.