VIP not responding on a specific port
I configured a VIP to LB between 2 servers, and also specified the URLs to balance. It is absolutely working on port 11090, and this is all HTTP traffic.
http://10.12.12.34:11090 (this VIP is working)
serverfarm host vip-1
probe PROBE_TCP_11090
rserver s0adcmmapps1
inservice
rserver s0adcmmapps2
inservice
sticky ip-netmask 255.255.255.255 address source vip-1_STICKY
timeout 30
replicate sticky
serverfarm vip-1
class-map match-all vip-1_CLASS
2 match virtual-address 10.12.12.34 tcp any
class-map type http loadbalance match-any vip_CLASSURL
2 match http url /jmx-console/*
3 match http url /web-console/*
4 match http url /mediamanager/*
5 match http url /teams/*
6 match http url /teamswebservices/*
7 match http url /artesia-ws/*
8 match http url /artesia/*
9 match http url /brs/*
10 match http url /content/*
11 match http url /OTMedia/*
12 match http url .*
13 match http url /mediamanager
14 match http url /teams
policy-map type loadbalance first-match vip-1_POLICY
class vip_CLASSURL
sticky-serverfarm vip-1_STICKY
policy-map multimatch POLICY
class vip-1_CLASS
loadbalance vip inservice
loadbalance policy vip-1_POLICY
loadbalance vip icmp-reply active
nat dynamic 2 vlan 2
appl-parameter http advanced-options CASE_PARAM
interface vlan 2
ip address 10.12.13.217 255.255.252.0
peer ip address 10.12.13.216 255.255.252.0
mtu 1500
no normalization
no icmp-guard
access-group input ALL
nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat
service-policy input remote_mgmt_allow_policy
service-policy input POLICY
no shutdown
The same servers, but this needs to work on port 11443 and it's all HTTPS traffic; this part is not working.
serverfarm host vip-https
probe PROBE_TCP_11443
rserver s0adcmmapps1
inservice
rserver s0adcmmapps2
inservice
sticky ip-netmask 255.255.255.255 address source vip-https_STICKY
timeout 30
replicate sticky
serverfarm vip-https
class-map match-all vip-https_CLASS
2 match virtual-address 10.12.12.34 tcp eq 11443
policy-map type loadbalance first-match vip-https_POLICY
class class-default
sticky-serverfarm vip-https_STICKY
policy-map multimatch POLICY
class vip-https_CLASS
loadbalance vip inservice
loadbalance policy vip-https_POLICY
loadbalance vip icmp-reply active
nat dynamic 2 vlan 2
interface vlan 2
ip address 10.12.13.217 255.255.252.0
peer ip address 10.12.13.216 255.255.252.0
mtu 1500
no normalization
no icmp-guard
access-group input ALL
nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat
service-policy input remote_mgmt_allow_policy
service-policy input POLICY
no shutdown
This is not working: the application team is trying to access https://10.12.12.34:11443 and it is not working.
When they bypass the VIP and access the servers directly at https://10.12.12.160:11443, it works fine. Please advise on this.
Hi,
You can start by checking the status of serverfarm "vip-https", and also check the position of class map "vip-https_CLASS" in policy map "POLICY". Ideally it should be before the class map "vip_1-CLASS", as the latter one is hitting port any and the earlier one is designated for TCP port 11443. So if the position of the class map matching VIP any is above the "VIP 11443", you will never get a HIT on this VIP.
Hope you got my point...
Similar Messages
-
New WSUS install does not respond to clients over ports 8530 or 8531
I've recently installed WSUS on a Server 2012 machine, and am struggling to get it to respond to requests from other hosts. I cannot get it to respond to any host in any manner, except for requests from itself.
My setup is as follows:
WSUS installed on a Server 2012 domain controller, DC01.
Other roles installed include AD CS, AD DS, DNS, IIS, and Print Services.
WSUS is using all default settings.
The firewall has inbound and outbound exceptions for ports 8530 and 8531
A bit of information about what's happening:
IIS will respond over port 80. I can open a Web browser from my workstation and connect to http://dc01/. If I attempt to connect to http://dc01:8530 (which I know should not work, but should respond with a 403 error), it times out. Identical behavior is observed over port 8531 with https.
IIS will respond with a 403 if I make this same connection in a browser on DC01, it will work if I connect using either the loopback IP or hostname, but will time out if I attempt to make the connection using the server's local IP (IPv4).
If I try to connect from my workstation using the WSUS configuration snap-in, I get an error: The remote server could not be contacted. Please verify that IIS on the server is correctly configured and is running.
If I try to connect from DC01 using the WSUS configuration snap-in, it works correctly.
The above is true for both http (8530) and https (8531).
IIS logs show inbound connections from my workstation and show that IIS is responding with a 200. However, Wireshark running on DC01 shows three attempts by my workstation to open a connection -- three SYN packets, one initial attempt then two identical retries -- over a period of about ten seconds, with no responses from DC01. If IIS is responding, the responses are getting lost sometime before they hit the NIC.
Bindings in IIS are correct, 8530 for http and 8531 for https.
Given that everything works fine when making a local connection, I think I can safely assume that WSUS itself is running properly, and the issue is related to IIS. Nonetheless, in the hopes of this simply being a failed install, I have uninstalled and reinstalled both IIS and WSUS multiple times. (One thing to note, though I doubt it's related: WSUS consistently fails to set the path for the local update cache, failing the post-deployment configuration. I have to manually edit the UpdateServices-Services.xml file to include the path for the local cache. Everything goes fine after I do that.)
I'm pretty stumped on this, and would happily accept any help. Thanks!
I've recently installed WSUS on a Server 2012 machine, and am struggling to get it to respond to requests from other hosts. I cannot get it to respond to any host in any manner, except for requests from itself.
My setup is as follows:
WSUS installed on a Server 2012 domain controller, DC01.
Other roles installed include AD CS, AD DS, DNS, IIS, and Print Services.
Fundamentally you have two issues here:
The first is the question of co-existence between WSUS and AD CS.
The second is whether this machine was a DC before, or after, you installed WSUS.
With Windows Server 2003 systems, running 'dcpromo' after installing IIS (and WSUS) would break IIS (and thus WSUS). With Windows Server 2012, installing WSUS with the AD DS role present results in a broken WSUS installation (if not an outright installation failure). This is because on a WS2012 Domain Controller, there are GPO restrictions on "Log On As A Service" which impact the ability of certain LOCAL accounts to do so ... one of which being the Network Service which is required for WSUS and another local use account, which is used for WID.
Regarding ports and IIS -- WSUS is designed to work on port 8530 by default on a Windows Server 2012 box. It can also be made to work on port 80, but you have to use the correct utilities and procedures to make that change. As for your observation that "port 6000" seems to be a cutoff.... I'll (re)direct your attention to the installation of Active Directory Certificate Services, which I suspect is a contributing factor, and in general firewall configuration rules -- which are probably the most likely culprit on the port range of 6000+ (not including 8530 which I promise you is open by a rule explicitly created by/for WSUS).
So, here's my suggestion:
Install the WSUS role first.
Install the AD DS role if you must (but Domain Controllers should not also be web or application server).
Install the AD CS role elsewhere.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
Cisco ACE VIP not responding to Pings
I've searched..... I cannot figure out why my VIPs do not ping. I have two VLANs that both reply to a ping on the interface IPs. And I'm new at this, thanks in advance.
GKEL2-ACE1/35568059-Axia# show run
Generating configuration....
no ft auto-sync startup-config
logging enable
logging timestamp
logging trap 5
logging host 10.85.242.100 udp/514
login timeout 60
crypto chaingroup walnut-wcrt100
cert .dom.cer
cert wcrt100.pem
crypto chaingroup .dom-wcrt100
cert .dom.cer
cert wcrt100.pem
crypto csr-params .dom
country CA
state AB
organization-unit IT
common-name .dom
serial-number 1000
email support
crypto csr-params .dom
country CA
state AB
organization-unit IT
common-name .dom
serial-number 1001
email support
access-list ANYONE line 10 extended permit ip any any
access-list ANYONE line 20 extended permit icmp any any
access-list All line 1 extended permit ip any any
probe http HTTP1025
port 1025
interval 2
faildetect 2
passdetect interval 2
request method get url /Login.css
open 1
probe icmp PING
interval 2
faildetect 2
passdetect interval 60
probe tcp PROBE-TCP
interval 2
faildetect 2
passdetect interval 10
passdetect count 2
open 1
rserver redirect REDIRECT-HTTPS
webhost-redirection https://%h%p 302
inservice
rserver host WL1
ip address 10.205.70.100
inservice
rserver host WL2
ip address 10.205.70.101
inservice
rserver host WLDev1
ip address 10.205.71.202
inservice
rserver host WLDev2
ip address 10.205.71.203
inservice
rserver host WLTest1
ip address 10.205.71.150
inservice
rserver host WLTest2
ip address 10.205.71.151
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-HTTPS
inservice
serverfarm host WEBLOGIC-7433
predictor leastconns
probe PING
rserver WL1 7433
inservice
rserver WL2 7433
inservice
serverfarm host WEBLOGIC-PROD
predictor leastconns
probe PING
rserver WL1 1025
inservice
rserver WL2 1026
inservice
serverfarm host WEBLOGIC-TEST-SSH
predictor leastconns
rserver WLTest1 22
inservice
rserver WLTest2 22
inservice
sticky http-cookie acecookie STICKY-INSERT-COOKIE
cookie insert
serverfarm WEBLOGIC-PROD
action-list type modify http REWRITE
header insert response Via header-value "1.1 web:%ps (ace10-8/a2)value"
header insert request Via header-value "1.1 web:%ps (ace10-8/a2)value"
header insert request X-Forwarded-Proto header-value "%pd"
ssl url rewrite location "*.*"
ssl header-insert session Id
ssl-proxy service ssl-client
ssl-proxy service ssl-proxy
key netcracker.cal.dom.key
cert netcracker.cal.dom.cer
chaingroup netcracker.cal.dom-wcrt100
class-map match-any L4VIPCLASS
2 match virtual-address 10.205.70.80 any
class-map type http loadbalance match-any L7-URL
2 match http url /*.*
class-map type http loadbalance match-all L7SLBCLASS
2 match http url /*
class-map type management match-any REMOTE-MANAGEMENT
2 match protocol telnet any
3 match protocol icmp any
4 match protocol ssh any
5 match protocol snmp any
6 match protocol http any
7 match protocol https any
class-map match-any SSH_Test
2 match virtual-address 10.205.71.80 tcp eq 22
class-map match-any weblogic-7433
2 match virtual-address 10.205.70.80 tcp eq 7433
class-map match-any weblogic-http
2 match virtual-address 10.205.70.80 tcp eq www
class-map match-any weblogic-https
2 match virtual-address 10.205.70.80 tcp eq https
policy-map type management first-match REMOTE-MANAGEMENT
class REMOTE-MANAGEMENT
permit
policy-map type loadbalance first-match L7SLBPOLICY
class L7SLBCLASS
ssl-proxy client ssl-client
policy-map type loadbalance first-match SSH_Test_Policy
class class-default
serverfarm WEBLOGIC-TEST-SSH
policy-map type loadbalance first-match weblogic-7433-policy
class class-default
serverfarm WEBLOGIC-7433
ssl-proxy client ssl-client
policy-map type loadbalance first-match weblogic-http-policy
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match weblogic-https-policy
class L7-URL
sticky-serverfarm STICKY-INSERT-COOKIE
class class-default
serverfarm WEBLOGIC-PROD
action REWRITE
ssl-proxy client ssl-proxy
policy-map multi-match L4LSBPOLICY
class L4VIPCLASS
loadbalance policy L7SLBPOLICY
policy-map multi-match LB-VIP
class weblogic-http
loadbalance vip inservice
loadbalance policy weblogic-http-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3440
class weblogic-https
loadbalance vip inservice
loadbalance policy weblogic-https-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3440
ssl-proxy server ssl-proxy
class weblogic-7433
loadbalance vip inservice
loadbalance policy weblogic-7433-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3440
ssl-proxy server ssl-proxy
policy-map multi-match LB-VIP-Test
class SSH_Test
loadbalance vip inservice
loadbalance policy SSH_Test_Policy
loadbalance vip icmp-reply
interface vlan 3440
description Internal Production
ip address 10.205.70.250 255.255.255.0
access-group input All
access-group output All
nat-pool 1 10.205.70.249 10.205.70.249 netmask 255.255.255.0 pat
service-policy input REMOTE-MANAGEMENT
service-policy input LB-VIP
service-policy input L4LSBPOLICY
no shutdown
interface vlan 3516
description Internal Test/Dev
ip address 10.205.71.250 255.255.255.0
access-group input All
access-group output All
nat-pool 2 10.205.71.249 10.205.71.249 netmask 255.255.255.0 pat
service-policy input REMOTE-MANAGEMENT
service-policy input LB-VIP-Test
no shutdown
interface vlan 3520
description LB
ip address 10.205.72.1 255.255.255.0
access-group input All
access-group output All
no shutdown
ip route 0.0.0.0 0.0.0.0 10.205.70.253
username admin password 5 $1$r2r0NmEH$z8S0RxYdhwOE4RGXQ41 role Admin domain default-domain
username cust_admin password 5 $1$/tOIIfUK$yigE519cqLq1IFgX. role Admin domain default-domain
I have removed that service policy completely. It was from some knowledgebase article when I was trying to get http redirection working.
There is no more L4LSBPOLICY nor L4VIPCLASS, Thanks a lot for looking at this...
GKEL2-ACE1/35568059-Axia# show service-policy summary
service-policy: LB-VIP
Class VIP Prot Port VLAN State Curr Conns Hit Count Conns Drop
weblogic-http 10.205.70.80 tcp eq 80 1,3440 IN-SRVC 0 50773 53
weblogic-https 10.205.70.80 tcp eq 443 1,3440 IN-SRVC 0 7406 112
weblogic-7433 10.205.70.80 tcp eq 7433 1,3440 IN-SRVC 0 145321 30
service-policy: LB-VIP-Dev
Class VIP Prot Port VLAN State Curr Conns Hit Count Conns Drop
weblogic-http-dev 10.205.71.90 tcp eq 80 1,3516 IN-SRVC 0 0 0
weblogic-https-dev 10.205.71.90 tcp eq 443 1,3516 IN-SRVC 0 0 0
weblogic-7433-dev 10.205.71.90 tcp eq 7433 1,3516 IN-SRVC 0 0 0
service-policy: LB-VIP-Test
Class VIP Prot Port VLAN State Curr Conns Hit Count Conns Drop
SSH_Test 10.205.71.80 tcp eq 22 1,3516 IN-SRVC 0 29 24
weblogic-http-test 10.205.71.80 tcp eq 80 1,3516 IN-SRVC 0 117 40
weblogic-https-test 10.205.71.80 tcp eq 443 1,3516 IN-SRVC 0 161 61
weblogic-7433-test 10.205.71.80 tcp eq 7433 1,3516 IN-SRVC 0 27 11
class-map type http loadbalance match-any L7-URL
2 match http url /*.*
class-map type http loadbalance match-all L7SLBCLASS
2 match http url /*
class-map type management match-any REMOTE-MANAGEMENT
2 match protocol telnet any
3 match protocol icmp any
4 match protocol ssh any
5 match protocol snmp any
6 match protocol http any
7 match protocol https any
class-map match-any SSH_Test
2 match virtual-address 10.205.71.80 tcp eq 22
class-map match-any weblogic-7433
2 match virtual-address 10.205.70.80 tcp eq 7433
class-map match-any weblogic-7433-dev
2 match virtual-address 10.205.71.90 tcp eq 7433
class-map match-any weblogic-7433-test
2 match virtual-address 10.205.71.80 tcp eq 7433
class-map match-any weblogic-http
2 match virtual-address 10.205.70.80 tcp eq www
class-map match-any weblogic-http-dev
2 match virtual-address 10.205.71.90 tcp eq www
class-map match-any weblogic-http-test
2 match virtual-address 10.205.71.80 tcp eq www
class-map match-any weblogic-https
2 match virtual-address 10.205.70.80 tcp eq https
class-map match-any weblogic-https-dev
2 match virtual-address 10.205.71.90 tcp eq https
class-map match-any weblogic-https-test
2 match virtual-address 10.205.71.80 tcp eq https
policy-map type management first-match REMOTE-MANAGEMENT
class REMOTE-MANAGEMENT
permit
policy-map type loadbalance first-match L7SLBPOLICY
class L7SLBCLASS
ssl-proxy client ssl-client
policy-map type loadbalance first-match SSH_Test_Policy
class class-default
serverfarm WEBLOGIC-TEST-SSH
policy-map type loadbalance first-match weblogic-7433-dev-policy
class class-default
serverfarm WEBLOGIC-7433-Dev
policy-map type loadbalance first-match weblogic-7433-policy
class class-default
serverfarm WEBLOGIC-7433
ssl-proxy client ssl-client
policy-map type loadbalance first-match weblogic-7433-test-policy
class class-default
serverfarm WEBLOGIC-7433-Test
ssl-proxy client ssl-client
policy-map type loadbalance first-match weblogic-http-dev-policy
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match weblogic-http-policy
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match weblogic-http-test-policy
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match weblogic-https-dev-policy
class L7-URL
sticky-serverfarm STICKY-INSERT-COOKIE-DEV
class class-default
serverfarm WEBLOGIC-DEV
action REWRITE
policy-map type loadbalance first-match weblogic-https-policy
class L7-URL
sticky-serverfarm STICKY-INSERT-COOKIE
class class-default
serverfarm WEBLOGIC-PROD
action REWRITE
ssl-proxy client ssl-proxy
policy-map type loadbalance first-match weblogic-https-test-policy
class L7-URL
sticky-serverfarm STICKY-INSERT-COOKIE-TEST
class class-default
serverfarm WEBLOGIC-TEST
action REWRITE
ssl-proxy client ssl-proxy-nctest
policy-map multi-match LB-VIP
class weblogic-http
loadbalance vip inservice
loadbalance policy weblogic-http-policy
loadbalance vip icmp-reply active
nat dynamic 1 vlan 3440
class weblogic-https
loadbalance vip inservice
loadbalance policy weblogic-https-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3440
ssl-proxy server ssl-proxy
class weblogic-7433
loadbalance vip inservice
loadbalance policy weblogic-7433-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3440
ssl-proxy server ssl-proxy
policy-map multi-match LB-VIP-Dev
class weblogic-http-dev
loadbalance vip inservice
loadbalance policy weblogic-http-dev-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
class weblogic-https-dev
loadbalance vip inservice
loadbalance policy weblogic-https-dev-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
class weblogic-7433-dev
loadbalance vip inservice
loadbalance policy weblogic-7433-dev-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
policy-map multi-match LB-VIP-Test
class SSH_Test
loadbalance vip inservice
loadbalance policy SSH_Test_Policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
class weblogic-http-test
loadbalance vip inservice
loadbalance policy weblogic-http-test-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
class weblogic-https-test
loadbalance vip inservice
loadbalance policy weblogic-https-test-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
ssl-proxy server ssl-proxy-nctest
class weblogic-7433-test
loadbalance vip inservice
loadbalance policy weblogic-7433-test-policy
loadbalance vip icmp-reply
nat dynamic 1 vlan 3516
ssl-proxy server ssl-proxy-nctest
interface vlan 3440
description Internal Production
ip address 10.205.70.250 255.255.255.0
mac-sticky enable
access-group input All
access-group output All
nat-pool 1 10.205.70.249 10.205.70.249 netmask 255.255.255.0 pat
service-policy input REMOTE-MANAGEMENT
service-policy input LB-VIP
no shutdown
interface vlan 3516
description Internal Test/Dev
ip address 10.205.71.250 255.255.255.0
mac-sticky enable
access-group input All
access-group output All
nat-pool 1 10.205.71.240 10.205.71.249 netmask 255.255.255.0 pat
service-policy input REMOTE-MANAGEMENT
service-policy input LB-VIP-Test
service-policy input LB-VIP-Dev
no shutdown
interface vlan 3520
description LB
ip address 10.205.72.1 255.255.255.0
access-group input All
access-group output All
no shutdown
ip route 0.0.0.0 0.0.0.0 10.205.70.253 -
ACE VIP not Responding to Ping and can't Connect
Hello All,
I recently deployed an ACE 4710 Appliance. Configs seem right but clients can't ping the VIP and also can't connect to the VIP. Also the VIP doesn't show in 'sh arp'.
Pls HELP!!!
See the configs!!
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.10.11 10:48:14 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Generating configuration....
boot system image:c4710ace-mz.A4_2_0.bin
hostname STERLING-ACE
interface gigabitEthernet 1/1
channel-group 1
no shutdown
interface gigabitEthernet 1/2
channel-group 1
no shutdown
interface gigabitEthernet 1/3
channel-group 1
no shutdown
interface gigabitEthernet 1/4
channel-group 1
no shutdown
interface port-channel 1
switchport trunk allowed vlan 10,200,205,210,215
no shutdown
access-list INBOUND line 10 extended permit ip any any
access-list INBOUND line 16 extended permit icmp any any
access-list INBOUND line 24 extended permit icmp any any echo
probe http BANK-APP
interval 2
faildetect 2
passdetect interval 2
expect status 200 200
open 1
probe icmp PING
description ***simple ping monitor***
interval 10
passdetect interval 60
passdetect count 2
receive 1
probe tcp TCP80
interval 10
passdetect interval 10
passdetect count 2
receive 1
open 5
rserver host BANK-APP-SERVER1
description ***GUI SERVER 1***
ip address 172.20.1.50
probe PING
inservice
rserver host BANK-APP-SERVER2
description ***GUI SERVER 2***
ip address 172.20.1.51
probe PING
inservice
rserver host BANK-APP-SERVER3
description ***GUI SERVER 3***
ip address 172.20.1.52
probe PING
inservice
rserver host BANK-APP-SERVER4
description ***GUI SERVER 4***
ip address 172.20.1.53
probe PING
inservice
rserver host THIN-CLIENT1
description ***CLI SERVER 1***
ip address 172.20.1.34
probe PING
inservice
rserver host THIN-CLIENT2
description ***CLI SERVER 2***
ip address 172.20.1.35
probe PING
inservice
rserver host THIN-CLIENT3
description ***CLI SERVER 3***
ip address 172.20.1.36
probe PING
inservice
rserver host THIN-CLIENT4
description ***CLI SERVER 4***
ip address 172.20.1.37
probe PING
inservice
serverfarm host CLI-GROUP
predictor leastconns
probe TCP80
rserver THIN-CLIENT1
inservice
rserver THIN-CLIENT2
inservice
rserver THIN-CLIENT3
inservice
rserver THIN-CLIENT4
inservice
serverfarm host GUI-GROUP
predictor leastconns
probe TCP80
rserver BANK-APP-SERVER1
inservice
rserver BANK-APP-SERVER2
inservice
rserver BANK-APP-SERVER3
inservice
rserver BANK-APP-SERVER4
inservice
parameter-map type connection TCP-PARAM-MAP
set timeout inactivity 360000
class-map type management match-any REMOTEACCESS
description remote access traffic match
2 match protocol ssh any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol xml-https any
6 match protocol http any
7 match protocol https any
class-map match-all TCP-CLASS
description TCP CONNECTION TIMER
2 match any
class-map match-all VS_WEB1
2 match virtual-address 10.0.0.115 any
class-map match-all VS_WEB2
2 match virtual-address 10.0.0.113 any
policy-map type management first-match REMOTEPOLICY
class REMOTEACCESS
permit
policy-map type loadbalance first-match HTTP_LB1
class class-default
serverfarm CLI-GROUP
policy-map type loadbalance first-match HTTP_LB2
class class-default
serverfarm GUI-GROUP
policy-map multi-match HTTP_MULTI_MATCH1
class VS_WEB1
loadbalance vip inservice
loadbalance policy HTTP_LB1
loadbalance vip icmp-reply
policy-map multi-match HTTP_MULTI_MATCH2
class VS_WEB2
loadbalance vip inservice
loadbalance policy HTTP_LB2
loadbalance vip icmp-reply
policy-map multi-match TCPIP-POLICY
class TCP-CLASS
connection advanced-options TCP-PARAM-MAP
service-policy input REMOTEPOLICY
service-policy input TCPIP-POLICY
interface vlan 10
description ***LAN LEG***
ip address 10.0.0.66 255.255.255.0
no icmp-guard
access-group input INBOUND
no shutdown
interface vlan 200
description ***THIN CLIENT VLAN****
ip address 172.20.1.33 255.255.255.240
no icmp-guard
access-group input INBOUND
service-policy input HTTP_MULTI_MATCH1
no shutdown
interface vlan 210
description ***BANK APP SERVER VLAN****
ip address 172.20.1.49 255.255.255.240
no icmp-guard
access-group input INBOUND
service-policy input HTTP_MULTI_MATCH2
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.200
username admin password 5 $1$ouG5.Okh$jwBoWkMiWstoTPwb9K9ku1 role Admin domain default-domain
username www password 5 $1$M31zwdiF$iY8Y5e9nV2sMM2HxwrQI7/ role Admin domain default-domain
STERLING-ACE/Admin#
Thanks!!
Hi Joshua,
class-map match-all VS_WEB1
2 match virtual-address 10.0.0.115 any
class-map match-all VS_WEB2
2 match virtual-address 10.0.0.113 any
You have applied "service-policy input HTTP_MULTI_MATCH1" in VLAN 200 and 210, but as per the config I believe it should be applied to VLAN 10.
interface vlan 10
description ***LAN LEG***
ip address 10.0.0.66 255.255.255.0
no icmp-guard
access-group input INBOUND
no shutdown
Can you apply the service policy in VLAN 10 and let me know the result. -
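The two checks raised in the ACE replies on this page (the class order inside a multi-match policy from the first thread, and the VLAN a service-policy is attached to from the reply above), as an added example that is not part of either post. The sample config and the class, policy and function names are made up for illustration, and only the `any` and `eq` forms of `match virtual-address` are handled.

```python
import ipaddress

# Constructed sample, written flat like the configs on this page; all names are made up.
SAMPLE = """\
class-map match-all WEB_ANY
2 match virtual-address 10.0.0.115 tcp any
class-map match-all WEB_TLS
2 match virtual-address 10.0.0.115 tcp eq 11443
policy-map type loadbalance first-match WEB_LB
class class-default
serverfarm WEB_FARM
policy-map multi-match CLIENT_VIPS
class WEB_ANY
loadbalance vip inservice
loadbalance policy WEB_LB
class WEB_TLS
loadbalance vip inservice
loadbalance policy WEB_LB
interface vlan 10
ip address 10.0.0.66 255.255.255.0
no shutdown
interface vlan 200
ip address 172.20.1.33 255.255.255.240
service-policy input CLIENT_VIPS
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.200
"""


def parse(config):
    """Return (vips, policies, vlans) from a flat or indented ACE config dump."""
    vips = {}      # class-map name -> [(address, protocol, port)]; None means "any"
    policies = {}  # multi-match policy name -> class names in configured order
    vlans = {}     # vlan id -> {"net": IPv4Network or None, "policies": [names]}
    kind = name = None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] in ("class-map", "policy-map", "interface"):
            # A new top-level block starts; track only the kinds analysed below.
            kind, name = None, w[-1]
            if w[0] == "class-map":
                kind, vips[name] = "class-map", []
            elif w[0] == "policy-map" and w[1:2] in (["multi-match"], ["multimatch"]):
                kind, policies[name] = "policy", []
            elif w[:2] == ["interface", "vlan"]:
                kind, vlans[name] = "vlan", {"net": None, "policies": []}
        elif kind == "class-map" and w[1:3] == ["match", "virtual-address"] and len(w) >= 4:
            rest = w[4:]
            proto = rest[0] if rest and rest[0] != "any" else None
            port = rest[2] if rest[1:2] == ["eq"] and len(rest) > 2 else None
            vips[name].append((w[3], proto, port))
        elif kind == "policy" and w[0] == "class" and len(w) == 2:
            policies[name].append(w[1])
        elif kind == "vlan" and w[:2] == ["ip", "address"] and len(w) >= 4:
            vlans[name]["net"] = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
        elif kind == "vlan" and w[:2] == ["service-policy", "input"] and len(w) >= 3:
            vlans[name]["policies"].append(w[2])
    return vips, policies, vlans


def covers(broad, narrow):
    """True if VIP tuple `broad` matches every connection `narrow` matches.
    Port names are compared as text, so `www` and `80` are not treated as equal."""
    return (broad[0] == narrow[0]
            and broad[1] in (None, narrow[1])
            and broad[2] in (None, narrow[2]))


def shadowed_classes(config):
    """Classes that never get a hit because an earlier class in the same
    multi-match policy already matches all of their VIP traffic."""
    vips, policies, _ = parse(config)
    findings = []
    for policy, classes in policies.items():
        for i, later in enumerate(classes):
            mine = vips.get(later, [])
            for earlier in classes[:i]:
                theirs = vips.get(earlier, [])
                if mine and all(any(covers(b, n) for b in theirs) for n in mine):
                    findings.append((policy, later, earlier))
                    break
    return findings


def misplaced_vips(config):
    """Heuristic: VIPs inside the subnet of an interface VLAN on which the
    policy that carries them is not applied as a service-policy."""
    vips, policies, vlans = parse(config)
    findings = []
    for policy, classes in policies.items():
        applied = sorted(v for v, d in vlans.items() if policy in d["policies"])
        for cls in classes:
            for addr, _, _ in vips.get(cls, []):
                for vlan, d in vlans.items():
                    if d["net"] and ipaddress.ip_address(addr) in d["net"] and vlan not in applied:
                        findings.append((policy, cls, addr, vlan, applied))
    return findings


if __name__ == "__main__":
    for policy, later, earlier in shadowed_classes(SAMPLE):
        print(f"{policy}: class {later} is shadowed by earlier class {earlier}")
    for policy, cls, addr, vlan, applied in misplaced_vips(SAMPLE):
        print(f"{policy}: VIP {addr} ({cls}) is in vlan {vlan}, policy applied on {applied}")
```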
Fonts not recognized on a specific port
Hi,
We have an InDesign server running as a service on two ports. When we try to process an InDesign document on port 18383, it says certain fonts are not available. But if the same document is processed through port 41000, the fonts missing error doesn't come up.
On changing the port from 18383 to 42000, it worked fine. Is there any reason for the port not being able to find the fonts in the system?
Thanks.
Hello,
Has anyone faced a similar problem before? We need to know the reason for this as if this happens in the future, we should be able to have the solution in hand.
Thanks -
Hi guys, I have created a tab with 13 columns. Columns 1-7 are aligning correctly according to my specifications; columns 8-13 are misaligning and not responding to my specifications. I have tried editing my values in millimeters, still no luck. I have tried increasing the width of my window, still no change. I really need to solve this with your help.
my window is 193 mm width
each tab has a diff of 12mm to the next.
Thanks in advance
Hi Nick, the fields are not aligning. I'm making a cheque which has a preprinted layout, so my numbers, which are in words, have to go into a specific layout of the cheque paper. The sample layout is like below. The amounts are the ones which are misaligning after the 7th tab.
BILLION MILLIONS THOUSANDS
e.g ZERO | ZERO |ZERO |ZERO |ZERO |ZERO |ZERO | ZE|RO SEV|EN |ONE |EIG|HT -
OS X Server 3 outgoing mail relay no longer supports a specific port
Just installed OS X Server 3 on Mavericks. All is well, but for some reason it does not allow adding a specific port for "Outgoing mail relay: mailout.isp.com:587"
OS X Server 2 used to allow this and I used it to connect to my SMTP relay from my ISP. It does not allow port 25 connections. If you try this in OS X Server 3 it just complains with "bad formatting"
Can anyone confirm this?
Found another thread discussing this.
https://discussions.apple.com/message/23544605#23544605
Answer from there:
You need to edit the postfix main.cf file manually with your favorite text editor:
sudo vi /Library/Server/Mail/Config/postfix/main.cf
find the line
relayhost = host.example.com
change it to
relayhost = host.example.com:587 (or some other port)
then do a
sudo postfix reload
to reload postfix configuration files
and
sudo postsuper -r ALL
to retry sending the e-mails again.
NOTE: If you open OS X Server 3 app and go to Mail -> Relay outgoing mail through ISP -> Edit the Outgoing server address will show as BLANK, this is normal, just click cancel and leave it alone. -
Ports are being block (not responding)
Ports are being block (not responding), port forwarding is configured on the router and firewall is turned off on the server (osx 10.8). Am I missing anything?
Server has a static IP which I forwarded to ports to
I'm setting up VPN server and need ports 500, 1701, 1723, 4500 open
Thanks
-Allen
Depending on the exact set-up of the network, L2TP requires UDP ports 500, 1701 and 4500 and the IP-ESP protocol, which is IP protocol 50; ESP.
Other than ESP (which is protocol 50 and not port 50), these are UDP ports, and not TCP.
TCP 1723 is used for PPTP. Not L2TP.
It is common for L2TP passthrough to fail when more than one connection is active.
As compared with L2TP, PPTP is usually easier to get going around NAT. Though conversely, L2TP is rather more secure than PPTP.
Check your Mac OS X Server firewall settings, too. If you have some outboard network device providing a NAT gateway, try dropping the server firewall.
Use of an external firewall-gateway with an embedded VPN server is something I've variously recommended, too. (I find that VPN NAT passthrough is something best avoided, as VPNs and NAT are operating at crossed purposes. VPNs seek to keep connection end-points known, while NAT tries to hide those connection end-points. Doing the VPN processing on the Internet side of the NAT is just... well, easier.)
Also ensure that your ISP is not blocking VPN connections. While you might be on static IP, confirm the ports are open. Trust, but verify. Get yourself a UDP port scanner, and have a look.
If it's permissible within your ISP service tier (and depending on what protocols you're testing), probe the specific target ports using telnet or the openssl s_client command and (particularly for this case) the nc (netcat) tools, and see if the ports allow access. nc can run port probes on UDP, which is the key piece here given telnet and s_client target TCP and TCP SSL connections. Probably something like the nc -zu w.x.y.z udp-port command. -
The second USB port on my iBook is not responding to my Flashdrive. However, the other USB port is. Any suggestions for fixing or figuring out what the problem is?
Thanks.
Help. I too am having problems with my USB ports on a brand new 2.16ghz 15" Macbook Pro with 2GB Memory. More specifically, for my business, I use Vectorworks 12, a macintosh CAD program with a serial dongle that enables me to simply open and run the program. Well, the serial dongle is not lighting up as it should when plugging it into my MacBook Pro. My wife has a 15" PowerBook and G4 17" iMac, in which the dongle does NOT light up either! When I plug the dongle into my Dual 2 ghz "G5" Tower it lights up perfectly as it historically did! I plugged in a thumb drive that works in both my laptop and G5 tower. So why all of a sudden does the Vectorworks Serial Dongle become unrecognized by both USB ports in my MacBook Pro when Thumb drives, iPods, USB mouse etc. all work? The serial dongle should have at least lit up in my wife's 15" PowerBook or G4 iMac if the problem was isolated to my MacBook right? Something is messed up from the last firmware update maybe? So, what the heck happened! It was working a few days ago!? I need to use this serial dongle in my MacBook Pro but why is it, of all these computers mentioned, only being recognized on the G5? Please Help!
-
Itunes7 not responding with a mobile connected with usb port
Hello,
I try to listen to music by connecting a Nokia N91 (hard disk 4 GByte) to the USB port with iTunes 7.
Often iTunes 7 crashes (not responding status) and even if I shut down the program, it stops again, and again, and again..
Obviously with the previous version of iTunes I had NO PROBLEMS!!
It seems that version 7 has not been tested enough..
regards,
dave from italy
If it boots from the enclosure then I agree with Shootist in that it's more than likely that there's a problem with your SATA cable. Call or contact OWC and tell them the problem that you're having with their drive. They may just ship you a cable free.
Clinton -
My first generation AppleTV will not sync with iTunes anymore. I get an error message that says: "The Apple TV is not responding Check that any firewall software running on this computer has been set to allow communication on port 3689" firewall is turned off.. Any ideas?
Thanks Rudegar,
I only synch and do not stream off of my 1st Gen AppleTV
I will try with ethernet but will be a pain in the butt if i can not fix it with wifi for long term fix
I may end up trying to do a named IP address vs DHCP for this appleTV (not sure if i can do both and do not want to remove DHCP as i have a bunch of sensors and other devices that I prefer to dynamically add to the network via DHCP vs. assign each one
Will keep working on other fix options (factory reset, etc.)
Thanks again -
Apple TV not responding-Port 3689
I have been syncing with my Apple TV for almost 2 years. My only recent changes have been the upgrade to Snow Leopard. When I tried to sync today and clicked on the more info I received the following response:
Once you have synced or paired the Apple TV to your Mac to establish a syncing or streaming connection, iTunes may say "The Apple TV [Name] is not responding. Check that any firewall software running on this computer has been set to allow communication on port 3689."
Firewall is not enabled presently. Any help would be appreciated.
Thanks
AZWally wrote:
.............. I received the following response:
*Once you have synced or paired the Apple TV to your Mac to establish a syncing or streaming connection, iTunes may say "The Apple TV [Name] is not responding. Check that any firewall software running on this computer has been set to allow communication on port 3689."*
Is that the message you get, or are you saying you have re-linked the library (pass code) as a troubleshooting step and then get the message: "The Apple TV [Name] is not responding. Check that any firewall software running on this computer has been set to allow communication on port 3689." -
Dear All,
I have opened ports 25, 110 and 80 on my server. From local I can telnet to all of those via my private IP, but from the public IP it's not responding.
2nd thing I can ping both ips of My server through private ip and through public ip.
Any help to solve this issue.
Thanks
Rehman Ghani
I have to agree with ngoldwat's statement. The symptoms sound like misconfigured or non-configured NAT on your router. Take a look at it and ensure your NAT statements are applied to the correct interface as well. You may also have to tweak the ACL that identifies the traffic to be NATed. Good luck.
-
Apple TV not responding, check firewall port 3689
Hi,
I have this problem: "Apple TV not responding" with my PC wired to the router (Thomson Speedtouch 780i WL). I have read all the topics on this issue and tried everything: no success! With my XP laptop I can make a wireless connection and everything works fine. But not with the PC where I have all my music and photo archives on.
Now I have a clean installed Vista and the problem remains the same. How is this possible?
- the firewall port 3689 is open
- I have rebooted everything
- I have made a new connection with the apple tv
- apple tv software is updated
I want to get this thing working. Could you please help me?
Thanks, Sliek.
The problem is not with the router nor the firewall. And with you having the issue on a PC and I having it on a Mac, this rules out the OS. That leaves a networking problem in either iTunes or the AppleTV. Or most likely a dropped packet of information between the two.
Using NetBarrier I have watched the interaction between my Mac and the AppleTV. The sync occurs in three separate phases. The first phase initiates communications via port 3689 and a few high order ports (49xxx - 6xxxx). After this is finished about a dozen ports are opened by the AppleTV (all high order) for a couple of minutes. When these ports close and after a substantial wait, the AppleTV opens a whole s**t-load of ports (well over 200) and the actual sync occurs. It is this third phase that fails when I fail the sync. Or iTunes gets stuck waiting for a response from the AppleTV. I think that the AppleTV is dropping the ball and failing to respond properly. -
Apple TV Not Responding - Firewall Port 3689?
I just purchased the Apple TV, and went through the setup. Everything seemed to go smoothly until I tried to sync through iTunes and I got an error saying:
Apple TV is not responding, check that any firewall software is set to allow communications on port 3689
Any idea what is going on? Could I have entered the password to my Airport Extreme wrong? I am on a Macbook Pro under 10.5.4.
Thanks
Well I say hijack because if the ATV connected to wireless, nothing else could. The computer sharing my iTunes library would stay connected for about 20 minutes, then whatever I was watching would freeze and then connection was lost. Had to reboot everything to get the connection back up. To figure it out I just realized that when the ATV was connected, it was the only thing connecting. iPhone, desktop PC, Mac mini, and laptop PC would all lose connection. I think I jumped the gun posting I got it working though, because after I set the reserves in DHCP it worked long enough to get my hopes up...now the other devices still have connections, but iTunes stops sharing about 20 minutes into whatever I'm watching. Very frustrating. Other forums are telling me to buy an airport, I may try it just to see if it works, but think it's pretty shady if that's what I have to do to get this working right.
BTW I'm using a Linksys WRT160N (http://www.linksys.com/servlet/Satellite?c=LProductC2&childpagename=US%2FLayout&cid=1175239516849&pagename=Linksys%2FCommon%2FVisitorWrapper) router. WEP enabled for now but was and will use WPA TKIP.