Syslog issue in ACE

I worked the ace on last night
I configured two context, 128 and 130
There are no problem in load-balancing server farm
but there are some issue in logging-server
I configured the logging buffer 6 to send the system message to syslog server
I didn't configured the resource-class related syslog buffer in admin context it's default unlimit
In the this morning.
I logged in the syslog server and saw the log to check syslog message from ace.
but there are no syslog message in my syslog server. In my think, the ace doesn't send syslog to syslog server. so I cleared log message in system buffer, and I received the log message from ace.
What happen in ACE? It it a possible bug? or Am I missed configured ?
Anyone who tell me why this situation happen?
Why I could receive the log after clear the log in ace?
I have to clear the log buffer to receive the syslog from ace?
the configuration like below
logging enable
logging standby
logging console 3
logging timestamp
logging trap 6
logging buffered 6
logging host 192.168.100.1 udp/514
the system image is "c6ace-t1k9-mz.3.0.0_A1_6_2a.bin"

that's weird, but it might be because the syslog resource being all used already, it couldn't be allocated to your new context and the syslog process failed to start.
Once you cleared the buffer in Admin, you freed the syslog resources and the context could activate the syslog process.
We do recommend to set a max-limit to the syslog buffer to avoid consuming all the resources to allow creation of new contexts.
Gilles.

Similar Messages

  • SIP load balancing issue with ACE 4710

    SIP Load balancing Issue with ACE 4710
    I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
    rserver host CIN-VOX-31
      ip address 172.20.130.31
      inservice
    rserver host CIN-VOX-32
      ip address 172.20.130.32
      inservice
    serverfarm host CIN-VOX
      probe SIP-5060
      rserver CIN-VOX-31
        inservice
      rserver CIN-VOX-32
        inservice
    sticky sip-header Call-ID VOX_SIP_GROUP
      timeout 1
      timeout activeconns
      replicate sticky
      serverfarm CIN-VOX
    class-map match-all CIN_VOX_L4_CLASS
      2 match virtual-address 172.22.12.30 any
    class-map match-all CIN_VOX_SIP_L4_CLASS
      2 match virtual-address 172.22.12.30 udp eq sip
    policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
      class class-default
        sticky-serverfarm VOX_SIP_GROUP
    policy-map multi-match GLOBAL_DMZ_POLICY
       class CIN_VOX_SIP_L4_CLASS
        loadbalance vip inservice
        loadbalance policy CIN_VOX_LB_SIP_POLICY
        loadbalance vip icmp-reply
      class CIN_VOX_L4_CLASS
        loadbalance vip inservice
        loadbalance policy CIN_VOX_LB_SIP_POLICY
        loadbalance vip icmp-reply
    interface vlan 20
      description VIP_DMZ_VLAN
      ip address 172.22.12.4 255.255.255.192
      alias 172.22.12.3 255.255.255.192
      peer ip address 172.22.12.5 255.255.255.192
      access-group input PERMIT-ANY-LB
      service-policy input GLOBAL_DMZ_POLICY
    could you please help me on this...
    thanks
    Rakesh Patel

    I mean there should be one more statement-
    class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY 
    match sip header Call_ID header-value sip:
    and that will be called under-
    policy-map multi-match GLOBAL_DMZ_POLICY
       class CIN_VOX_SIP_L4_CLASS
        loadbalance vip inservice
        loadbalance policy CIN_VOX_LB_SIP_POLICY
        loadbalance vip icmp-reply
    is that missing in your config ?

  • LMS 4.2.4 intermittent Syslog issue

    Hi All,
    syslogs services on the LMS stops all of a sudden and doesn't reflect the current logs from the devices till we restart services.
    Performed below steps
    -> Found the device logs are making its way to syslog.log file(CSCOpx>logs)
    -> SyslogCollector and SyslogAnalyzer are in healthy state.
    -> Even the collector subscription status is fine.
    After the restart of the SyslogCollector and SyslogAnalyzer  the logs reflects back on lms. Issue is intermittent and reappeared couple of times. any suggestions to find root of the problem ??
    Regards,
    Channa

    Hi Channa,
    looks like , you are getting huge no. of syslogs from your devices..
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,389, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,390, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,390, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,391, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,392, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,393, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,393, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,394, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,394, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,395, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,396, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,396, Anonymous Dropping the syslog as queue is full 100000
    SyslogCollector - [Thread: EvaluatorThread-0] INFO , 10 Jul 2014 16:53:16,397, Anonymous Dropping the syslog as queue is full 100000
    and which is why they are getting dropped.
    2 suggestions:
    check the filters > configure the filters for only those messages that you want
    second :
    plan to upgrade the LMS from 4.2.4 to 4.2.5 .  LMS 4.2.5 have a fix of  the syslogs issue . in 4.2.5 syslogs are well managed.
    BUG:CSCul38962 : Syslog dropping issue
    above BUG is fixed in 4.2.5
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ****

  • HTTP sticky timeout issue in ACE .

    Hi All ,
    We  are facing  the dis connectivity  issue in the the http session ( sticky configuration )
    As per the customer requirement we  configured the  http sticky  with the connection time out 60 min ( one hour ) .
    But  as  per the test with  the tool cookie manager , they identified as the  http sessions are getting timed out in 20 to 30 minuits .
    Please find the sticky configuration
    sticky http-cookie FRONT_SESSION_ID TEST_FRONT
      cookie insert
      timeout  60
      replicate sticky
      serverfarm TEST_FRONT
    We also  did the http persistence as below .
    parameter-map type http HTTP_Persistence_Rebalance
      persistence-rebalance
    Parameter-map : HTTP_Persistence_Rebalance
    Description : -
    Type : http
        server-side connection reuse       : disabled
        case-insensitive parsing           : disabled
        persistence-rebalance              : enabled
        header modify per-request          : disabled
        cookie-error-ignore                : disabled
        header-maxparse-length             : 4096
        content-maxparse-length            : 4096
        parse length-exceed action         : drop
        urlcookie-delimiters               : /&#+
        urlcookie-start                    : ?
      We  have also tested the session directly with the Rserver .But  it is not getting disconnected ( As we doubt  is it  any server related issue  )
    Also please find the below resource allocation .
    resource-class TEST-FRONT
      limit-resource all minimum 0.00 maximum unlimited
      limit-resource buffer syslog minimum 0.50 maximum equal-to-min
      limit-resource sticky minimum 2.00 maximum unlimited
    So can any one please suggest me  is there  any configuration  mistakes  here  .
    If the configuration is ok please suggest me  what more I have to do for  making the stickiness  around  60 min .
    Regards ,
    Sinjish.K

    Sinjish-
      Can you use the capture utiliy on ACE to gather a trace of the entire session - then filter out the traffic to just the client IP or the server IP and attach it to this thread?  A showtech would also be useful to see if there are any anomolies.
    Regards,
    Chris Higgins

  • Facing Issue in ACE 4710 ..Secondary ACE showing as FSM_FT_STATE_STANDBY_COLD ...

    Hi All ,
     I am facing problem with my ACE 4710 in active-standby environment . When I check Show ft group detail on my Active ACE , it shows peer state as
    FSM_FT_STATE_STANDBY_COLD for Admin context . Below is the output :
    Primary_ACE/Admin#sh ft group detail
    FT Group                     : 1
    No. of Contexts              : 1
    Context Name                 : Admin
    Context Id                   : 0
    Configured Status            : in-service
    Maintenance mode             : MAINT_MODE_OFF
    My State                     : FSM_FT_STATE_ACTIVE
    My Config Priority           : 120
    My Net Priority              : 120
    My Preempt                   : Enabled
    Peer State                   : FSM_FT_STATE_STANDBY_COLD
    Peer Config Priority         : 100
    Peer Net Priority            : 100
    Peer Preempt                 : Enabled
    Peer Id                      : 1
    Last State Change time       : Tue Jan  1 05:32:55 2002
    Running cfg sync enabled     : Enabled
    Running cfg sync status      : Peer in Cold State. Error on Standby device when
    applying configuration file replicated from active
    Startup cfg sync enabled     : Enabled
    Startup cfg sync status      : Peer in Cold State. Startup configuration sync ha
    [7m--More--[m
    s completed
    Bulk sync done for ARP: 0
    Bulk sync done for LB: 0
    Bulk sync done for ICM: 0
    FT Group                     : 2
    No. of Contexts              : 1
    Context Name                 : APP_Context
    Context Id                   : 1
    Configured Status            : in-service
    Maintenance mode             : MAINT_MODE_OFF
    My State                     : FSM_FT_STATE_ACTIVE
    My Config Priority           : 120
    My Net Priority              : 120
    My Preempt                   : Enabled
    Peer State                   : FSM_FT_STATE_STANDBY_HOT
    Peer Config Priority         : 100
    Peer Net Priority            : 100
    Peer Preempt                 : Enabled
    Peer Id                      : 1
    Last State Change time       : Tue Jan  1 05:32:56 2002
    Running cfg sync enabled     : Enabled
    [7m--More--[m
    Running cfg sync status      : Running configuration sync has completed
    Startup cfg sync enabled     : Enabled
    Startup cfg sync status      : Startup configuration sync has completed
    Bulk sync done for ARP: 0
    Bulk sync done for LB: 0
    Bulk sync done for ICM: 0
    Also when I give show ft config-errors on my secondary ACE it gives the following result .
    Secondary_ACE/Admin#sh ft config-error
    Mon Jun 10 00:04:11 IST 2002
    `no 3 match virtual-address 10.40.3.15 tcp eq https`
    Error: LB action requires match vip command
    `no 3 match virtual-address 10.40.3.15 tcp eq 8082`
    Error: LB action requires match vip command
    `no 3 match virtual-address 10.40.3.21 tcp eq www`
    Error: LB action requires match vip command
    `no 3 match virtual-address 10.40.3.21 tcp eq https`
    Error: LB action requires match vip command
    `2 match virtual-address 10.40.3.21 tcp eq https`
    Error: This configuration already exists
    `2 match virtual-address 10.40.3.21 tcp eq www`
    Error: This configuration already exists
    `2 match virtual-address 10.40.3.15 tcp eq 8082`
    Error: This configuration already exists
    `2 match virtual-address 10.40.3.15 tcp eq https`
    Error: This configuration already exists
    Error(s) while applying config.
     I am attaching the running configuration of both the ACE's . Kindly help me in resolving the issue .
    Also I noticed one thing . There is configuration difference in Primary and Secondary ACE . I guess this is causing the issue .
    Need help to fix this asap .
     Following configuration is missing on the secondary ACE .
    ======================================================================
    class-map match-all WEB_FARM_VIP-80
      3 match virtual-address 10.40.3.15 tcp eq www
    policy-map type loadbalance first-match WEB_FARM_VIP-80-l7slb
      class class-default
        serverfarm HTTP-2-HTTPS
      class WEB_FARM_VIP-80
        loadbalance vip inservice
        loadbalance policy WEB_FARM_VIP-80-l7slb
    Thanks ,
    Tushar

    Dear all,
    Pls help me out in this regard, I dont have much idea about ACE.
    Regards,
    Sashi

  • Issue with ACE HTTP class map

    This is what I want to achieve USING the ACE as a reverse proxy.
    User uses the url https://abc/password - gets to the destination server & the web page
    If user tries to use any thing additional then the connection is dropped at the ACE such as
    https://abc/password/test or any such variation.
    Following is the config I have to achieve this
    class-map type http loadbalance match-any L7-CLASS-TEST
      match http url /password
      match http url /password/
    class-map type http loadbalance match-any L7-CLASS-TEST-deny
      2 match http url .*.*
    policy-map type loadbalance first-match LBP-TEST
      class L7-CLASS-TEST
        serverfarm FARM-TEST
        ssl-proxy client TEST
      class L7-CLASS-TEST-deny
        drop
      class class-default
        serverfarm FARM-TEST
        ssl-proxy client TEST
    The problem with this is when the page opens I get broken links on all the images. If I use the following line
    match http url /password.*
    I get the images to work but the user can use the https://abc/password/test which is not what I want.
    Has any one faced this issue ?
    Any help will be appreciated.
    Thanks in advance
    Prasanna

    Prasanna,
    What about if you try it in HTTP and apply the following change?
    class-map type http loadbalance match-any L7-CLASS-TEST-deny
      2 match http url /.*
    This should work in HTTP but not with HTTPS
    Anyway, it should not work since everything seems to be encrypted, you may require either SSL-termination or END-TO-END SSL for this then the ACE can decrypt the request see what it needs to do and take the load balance decision.
    Jorge

  • Syslog issue in LMS 4.2

    Hi I am facing weired issue with devcies syslogs. I can see syslog from only few devices though we have 160 devices.
    can any one help me to get it running.
    Thanks

    First thing to look at is if the devices are configured properly to send syslogs to ciscoworks.
    If yes, check Syslog.log (win) or syslog_info (sol/lin) to see if the missing devices syslog appears in that file. If the syslog is present in file, check filters if the filters are configured properly to forward the syslog to syslog DB else they might be dropped.
    Attached image explains the Ciscoworks Syslog Architechture properly.
    -Thanks
    Vinod

  • EEM syslog issue

    I have an issue with the syslog output of my eem script. The syslog command below does work. It sends an individual syslog message to my mgmt station for EACH line of cli output. I confirmed this with wireshark. The "show log" output looks fine (see below). I would like to get all the cli output or at least most of it in ONE large syslog message Anyone know how to fix this?
    <script>
    event manager applet SH_IP_NAT_STATS
    event timer cron name nat_stats cron-entry "0-59/5 * * * *"
    action 1.1 cli command "sh ip nat statistics"
    action 1.2 syslog msg "cli: $_cli_result"
    Log Buffer (52000 bytes):
    000080: *Nov 15 04:30:00.052: %HA_EM-6-LOG: SH_IP_NAT_STATS: cli:
    Total active translations: 38 (1 static, 37 dynamic; 38 extended)
    Peak translations: 135, occurred 00:25:23 ago
    Outside interfaces:
      FastEthernet0/0, FastEthernet0/1
    Inside interfaces:
      Vlan10
    Hits: 6270  Misses: 0
    CEF Translated packets: 1078, CEF Punted packets: 5192
    Expired translations: 622
    Dynamic mappings:
    -- Inside Source
    [Id: 1] route-map nonat interface FastEthernet0/1 refcount 37
    Appl doors: 5
    Normal doors: 0
    Queued Packets: 0

    Ah, I misunderstood.  There are a number of ways you could do this.  One thing that might be easiest is to configure two applets:
    event manager applet MARVEL
    event syslog pattern "%MWR2900MRVL_FLTMG-5-EVENT_WARNING"
    action 1.0 cli command "enable"
    action 2.0 syslog msg "MWR2900MRVL: Marvell Chip Bug detected"
    action 3.0 cli command "clear mac-address-table secure"
    action 4.0 cli command "config t"
    action 5.0 cli command "event manager applet MARVEL"
    action 6.0 cli command "event none"
    action 7.0 cli command "exit"
    action 8.0 cli command "event manager applet MARVEL-countdown"
    action 9.0 cli command "event timer countdown time 3600"
    action 9.1 cli command "end"
    event manager applet MARVEL-countdown
    event none
    action 1.0 cli command "enable"
    action 2.0 cli command "config t"
    action 3.0 cli command "event manager applet MARVEL-countdown"
    action 4.0 cli command "event none"
    action 5.0 cli command "event manager applet MARVEL"
    action 6.0 cli command "event syslog pattern %MWR2900MRVL_FLTMG-5-EVENT_WARNING"
    action 7.0 cli command "end"

  • Syslog issue

    I have syslog schedule job that runs every morning at 7am. every Monday
    it runs empty until I restart the daemon, it's been doing it for several week. Today I have't restarted the daemon and started poking around, I went in and ran  log roation since the syslog_info was large but that didn't help. Any other suggestion ?

    What version of LMS are you running? Go to Common Services ---> Software Center --> Software Update and post the screenshot of version.
    How large is the syslog.log file?
    Post the SyslogCollector.log and SyslogAnalyzerUI.log file.
    And if you don't care for the syslog.log file, you can stop the CiscoWorks Daemon and delete the syslog.log and restart the daemon manager so it can automatically create a new one.

  • SSL Certificates issues on ACE module

    Hi,
    SSL certificate and keys are not been transfered from active to standby automaticaaly, could anyone tell me why is this happening and what needs to be done.
    Thanks
    Neha

    Hi Neha,
    Yes - unless you are running the 2.2 version of ACE software - which is intended for really large configurations then there is no bulk certificate/key import process.
    Whatever you did to import the certificates/keys on your active configs you'll need to do on the standby configs.
    Note, by having missing files, replication will have been stopped.
    Cathy

  • Syslog Issue in RME

    Hi ,
    I am able to see sylog messeges if I  enable snmp syslog traps in my device. but not able to generate syslog messages report in RME , I have already enabled logging commands with LMS IP and default port 514 in my devices, all other syslog services are also running fine., I have also enabled syslog backup policy with default path.
    Pls find the attached logs and kindly check where may be the isuue.
    Rgds,
    Kamal Singh
    9910213708

    I do not see any Cisco syslog messages in this syslog.log file.  If you have logging enabled on the devices, make sure that udp/514 is open between the device and the LMS server.  To verify that the messages are making it to the server, start a sniffer trace on the LMS server filtering on udp/514 traffic.  Generate some messages from a test device, and confirm that you see those messages in the sniffer trace.  If not, check with your firewall or network administrators to make sure there are no filters or ACLs which could be blocking this traffic.

  • RME 4.3.1 on new server - 2 issues with Inventory and syslog

    Hi,
    I recently installed new server 2003 with LMS3.2 and after the problems with DevicePackages i resubmitted all device and the device center tasks that was missing now reappeared.
    So I went on and added my two VPN3030 VPN Concentrators.
    This device is supported for RME inventory and syslog
    I got the config-archive running (!) so thats fine (Runs via HTTPS login)
    I have two issues:
    1. I can not get inventory to work .
    I have communication going, and a packet trace/sniff show I have syslog going into RME and i see SNMP GET and respones to/from device
    I see some java error logs in ic_server.log fil
    I have tried with two different LMS32-servers
    I have increased SNMP timeout etc
    I tried deleted the device and rediscover
    log are like this:
    [ Thu Aug 19  10:12:30 CEST 2010 ],ERROR,[Thread-14],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,761, Collection failed for the device : 3748
    com.cisco.nm.xms.xdi.ags.system.CollectionFailed: com.cisco.nm.lib.snmp.lib.SnmpException: SnmpResponseNoSuchName on 10.3.6.2 while performing SnmpWalk(*) at index = 10
        at com.cisco.nm.xms.xdi.pkgs.LibInventory.PortInterfaceAGI_RFC1213_HelperMethods.getIfTableEntriesFromDevice(PortInterfaceAGI_RFC1213_HelperMethods.java:639)
        at com.cisco.nm.xms.xdi.pkgs.SharedInventoryVPN3000.PortInterfaceAGI_RFC1213_Mib.g$eval(PortInterfaceAGI_RFC1213_Mib.java:77)
        at com.cisco.nm.xms.xdi.ags.PortInterfaceAGI.g$eval(PortInterfaceAGI.java:21)
        at com.cisco.nm.xms.xdi.SdiEngine.initAndEvalAGIs(SdiEngine.java:383)
        at com.cisco.nm.xms.xdi.SdiEngine.request(SdiEngine.java:309)
        at com.cisco.nm.xms.xdi.SdiEngine.getDevRepr(SdiEngine.java:302)
        at com.cisco.nm.rmeng.inventory.ics.core.CollectionController.run(CollectionController.java:539)
        at java.lang.Thread.run(Thread.java:595)
    [ Thu Aug 19  10:12:30 CEST 2010 ],INFO ,[Thread-14],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,841,Device collection failed for 10.3.6.2
    2.:I can not get syslog into the devices syslog reports
    This is wierder than issue 1: I have two VPN3030, one actually does syslog fine, but one VPN 3030 does not
    I havent done any thing different for the two device ...
    one simply works, one doesnt ...
    I get no syslog msg in device center for one of the device.
    The syslogs ARE infact in the syslog.log
    The syslog msg DO show up, but in Unexpected device report  ...
    The same VPN device does work with my second server so I think this is related to RME database on one specific server.
    But i have tried delete device and rediscover etc ...
    please help ...

    ok - looks like i need TAC again ...
    As for the syslog issue - this happens only for one device on one of my servers ...
    That is what is strange ... So IP is coorect and ok - (they do get syslogs into DevCenter on one server and on other device)
    Thank you for your reply - really nice that you take your time into this forum !

  • Sticky issue for an application configured in ACE

    Hi All,
    We are facing a strange issue with ACE. We have a sticky configured for an application in ACE.
    Sometimes the application is not working, We have to clear sticky session on ACE to fix the issue.
    Can anbody help me to troubleshoot this issue?
    Regards,
    Thiyagu

    Hi Jorge,
    Here is the sticky configuration of the application which is having issue.
    sticky ip-netmask 255.255.255.255 address source SG
      timeout 15
      serverfarm SF
    Please let me know if you need the complete configurarion.
    Regards,
    Thiyagu

  • ACE redirection issue

    Hi,we have our main website https://abc.com and it provides links to users for various applications.If i go to https://abc.com and click the link xyz on it, i get back to main page again and current  connections drops to 0. here my browser should be redirected to https://abc.com/xyz which is not happening. Traffic is getting tunnnled to https://abc.com as seen in logs in http catcher.
    But if i type in https://abc.com/xyz in browser, i go to correct page.
    below  is my configuration. please let me know if any other configuration is  needed, Below config is with 2 links but actual production has many  links.
    I have similar issue for another application where links on  main page can not be accessed. that application works on http  instead  of https.
    rserver redirect xyz
      inservice
      webhost-redirection "https://abc.com/xyz"
    rserver redirect uvw
      inservice
      webhost-redirection "https://abc.com/uvw"
    rserver host abc
    ip address 1.1.1.1
    inservice
    serverfarm redirect xyz
    rserver xyz
    inservice
    parameter-map type http case_param
      case-insensitive
      no persistence-rebalance (i also tried enabling it)
      set header-maxparse-length 65535
      set content-maxparse-length 65535
      length-exceed continue
    parameter-map type ssl abc
      cipher RSA_WITH_3DES_EDE_CBC_SHA
    ssl-proxy service abc
      key abc
      cert abc
      ssl advanced-options abc
    serverfarm redirect uvw
    rserver uvw
    inservice
    serverfarm host abc
    rserver abc
    inservice
    class-map type http loadbalance match-any map1
       match http url /xyz.*
    class-map type http loadbalance match-any map1
       match http url /uvw.*
    policy-map type loadbalance first-match ssl-abc
    class map1
        serverfarm xyz
    class map2
        serverfarm uvw
    class class-default
        serverfarm abc 
    class ssl-intranet
        loadbalance vip inservice
        loadbalance policy ssl-abc
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 368
        appl-parameter http advanced-options case_param
        ssl-proxy server abc
    the IP address mentioned for abc.com (1.1.1.1) is on cisco CSS (VIP for www.abc.com for internal users) which is serving my internal clients. The CSS then points to actual server hosting abc.com. The ACE is serving clients coming from Internet and CSS is serving my internal clients which connect with http. Is this problem because of communication issue between ACE and CSS?
    Can anybody suggest?

    class-map match-all intranet
      2 match virtual-address 198.184.231.7 tcp eq www
    class-map match-all ssl-intranet
      2 match virtual-address 198.184.231.7 tcp eq https
    I have 2 different policy maps .........intranet map redirects to ssl-intranet map which then makes redirection to individual applications.
    policy-map multi-match external-lb
      class extranet
        loadbalance vip inservice
        loadbalance policy extranet
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 368
        appl-parameter http advanced-options case_param
      class ssl-extranet
        loadbalance vip inservice
        loadbalance policy ssl-extranet
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 368
        appl-parameter http advanced-options case_param

  • "exception" code in ACE logs

    Hello,
    We are having an issue with http based application loadbalanced by ACE - sometimes one of the page in the browser is partialy blank (some of the code referenced in main html document seems to be missing). We've discovered the following syslog message from ACE in regard to such http session:
    Jul  8 2010 09:24:03 : %ACE-6-302023:  Teardown TCP connection 0xd7f1 for vlan10:10.1.1.1/1783 to  vlan20:10.1.2.1/443 duration 0:00:00 bytes 45497 Exception
    What can be told about this "exception" code? Documentation isn't especially helpful in this case...
    thanks
    WM

    The error code states connection setup error which could be a number of things.
    https://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/system/message/guide/messags.html#wp1147957
    Can you post the ACE config you are using first and any details of the webserver. Would be a good place to start.
    Dave

Maybe you are looking for

  • BAPI_PO_CREATE1 for blocked item and account assignment category Q

    Hi, I am facing an issue while creating PO with items which are blocked ie LOEKZ = 'S', and account assignment category 'Q'. Though I fill wbs element in POACCOUNT and POACCOUNTX structures, after execution it is being erased and am getting an error:

  • Payment block while posting MIRO

    I have posted one MIRO document for material supply. while saving the invoice one message invoice blocked for payment.  Why this message is coming.  I have checked the vendor master. There is no payment block.  Where should we check. For same PO, pay

  • Adding  values in same field inside loop

    Dear Experts, suppose in my o/p i am displaying material number and its value: material No:      Qty matnr                1000 matnr                2000 matnr                3000 matnr                4000 matnr                5000 Now I want my third

  • How can I show unread mail count of Gmail,Yahoo,AOL in my web application.

    I want to show unread mail count for Gmail,Yahoo,AOL,MSN (e.g. Gmail (5) ) on my web application. Also when user click on unread mail count it should open new window for respective mail Inbox say gmail inbox that shows unread mail of user. I have exe

  • DAG 2013SP1: adding the database copy

    Hello! After adding DAG members (according to http://exchangeserverpro.com/exchange-2013-dag-database-copies/) I was going to add a database copy to the DAG (as per this explanation: http://exchangeserverpro.com/exchange-2013-dag-database-copies/) bu