[c-nsp] Ace Module Troubleshooting

Teller, Robert RTeller at deltadentalwa.com
Thu Aug 7 13:54:27 EDT 2008


So i have a wierd issue going on with my ACE module. I am sure it is a
configuration issue but since i am making it up as i go i can only do so
much.
I am able to browse to a load balanced website from one computer but if
i try to browse to it from another computer the website is unavailable.
 
the website is under the dp-qa domain.
 
------------------------------------------------------------------------
---------------
logging console 6
logging timestamp
 
 
 
 
access-list any line 8 extended permit icmp any any 
access-list any line 16 extended permit ip any any 
 
 
 
probe tcp TCP-5002_PROBE
  port 5002
  interval 3
  passdetect interval 3
probe tcp TCP-8003_PROBE
  port 8003
  interval 3
  passdetect interval 3
probe http TCP-80_PROBE
  interval 5
  passdetect interval 5
  expect status 200 200
  hash
  connection term forced
probe tcp TCP-9090_PROBE
  port 9090
  interval 5
  connection term forced
probe http ciscotest_PROBE
  interval 5
  passdetect interval 5
  request method get url /ciscotest/
  expect status 200 200
  hash
  connection term forced
 

rserver host dm-qa-app25
  ip address 172.22.237.23
  inservice
rserver host dm-qa-app26
  ip address 172.22.237.25
  inservice
rserver host dm-qa-web21
  ip address 172.22.237.19
  inservice
rserver host dm-qa-web22
  ip address 172.22.237.21
  inservice
rserver host dp-qa-app85
  ip address 172.22.237.24
  inservice
rserver host dp-qa-app86
  ip address 172.22.237.26
  inservice
rserver host dp-qa-web81
  ip address 172.22.237.20
  inservice
rserver host dp-qa-web82
  ip address 172.22.237.22
  inservice
rserver host recluse1
  ip address 172.22.228.88
  inservice
rserver host recluse2
  ip address 172.22.228.89
  inservice
 
serverfarm host dm-qa-app
  probe TCP-80_PROBE
  rserver dm-qa-app25
    inservice
  rserver dm-qa-app26
    inservice
serverfarm host dm-qa-ivr
  probe TCP-5002_PROBE
  rserver dm-qa-web21
    inservice
  rserver dm-qa-web22
    inservice
serverfarm host dm-qa-socket
  probe TCP-8003_PROBE
  rserver dm-qa-app25
    inservice
  rserver dm-qa-app26
    inservice
serverfarm host dm-qa-web
  probe ciscotest_PROBE
  rserver dm-qa-web21
    inservice
  rserver dm-qa-web22
    inservice
serverfarm host dp-qa-app
  probe TCP-80_PROBE
  rserver dp-qa-app85
    inservice
  rserver dp-qa-app86
    inservice
serverfarm host dp-qa-ivr
  probe TCP-5002_PROBE
  rserver dp-qa-web81
    inservice
  rserver dp-qa-web82
    inservice
serverfarm host dp-qa-socket
  probe TCP-8003_PROBE
  rserver dp-qa-app85
    inservice
  rserver dp-qa-app86
    inservice
serverfarm host dp-qa-web
  probe ciscotest_PROBE
  rserver dp-qa-web81
    inservice
  rserver dp-qa-web82
    inservice
serverfarm host recluse
  predictor leastconns
  probe TCP-9090_PROBE
  rserver recluse1
    inservice
  rserver recluse2
    inservice
 
class-map type management match-any REMOTE_ACCESS
  2 match protocol ssh any
  3 match protocol telnet any
  4 match protocol icmp any
  5 match protocol snmp any
  6 match protocol http any
  7 match protocol https any
class-map match-all dm-qa-app_CLASS
  2 match virtual-address XXX.XXX.XXX.136 tcp eq www
class-map match-all dm-qa-ivr_CLASS
  2 match virtual-address XXX.XXX.XXX.138 tcp eq 5002
class-map match-all dm-qa-socket_CLASS
  2 match virtual-address XXX.XXX.XXX.139 tcp eq 8003
class-map match-all dm-qa-web_CLASS
  2 match virtual-address XXX.XXX.XXX.137 tcp eq www
class-map match-all dp-qa-app_CLASS
  2 match virtual-address XXX.XXX.XXX.140 tcp eq www
class-map match-all dp-qa-ivr_CLASS
  2 match virtual-address XXX.XXX.XXX.142 tcp eq 5002
class-map match-all dp-qa-socket_CLASS
  2 match virtual-address XXX.XXX.XXX.143 tcp eq 8003
class-map match-all dp-qa-web_CLASS
  2 match virtual-address XXX.XXX.XXX.141 tcp eq www
class-map match-any recluse_CLASS
  2 match virtual-address XXX.XXX.XXX.134 tcp eq 9090
  3 match virtual-address XXX.XXX.XXX.134 tcp eq 10000
 
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit
 
policy-map type loadbalance first-match dm-qa-app_POLICY
  class class-default
    serverfarm dm-qa-app
policy-map type loadbalance first-match dm-qa-ivr_POLICY
  class class-default
    serverfarm dm-qa-ivr
policy-map type loadbalance first-match dm-qa-socket_POLICY
  class class-default
    serverfarm dm-qa-socket
policy-map type loadbalance first-match dm-qa-web_POLICY
  class class-default
    serverfarm dm-qa-web
policy-map type loadbalance first-match dp-qa-app_POLICY
  class class-default
    serverfarm dp-qa-app
policy-map type loadbalance first-match dp-qa-ivr_POLICY
  class class-default
    serverfarm dp-qa-ivr
policy-map type loadbalance first-match dp-qa-socket_POLICY
  class class-default
    serverfarm dp-qa-socket
policy-map type loadbalance first-match dp-qa-web_POLICY
  class class-default
    serverfarm dp-qa-web
policy-map type loadbalance first-match recluse_POLICY
  class class-default
    serverfarm recluse
 
policy-map multi-match POLICY
  class recluse_CLASS
    loadbalance vip inservice
    loadbalance policy recluse_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 134 vlan 238
  class dm-qa-app_CLASS
    loadbalance vip inservice
    loadbalance policy dm-qa-app_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 136 vlan 238
  class dm-qa-web_CLASS
    loadbalance vip inservice
    loadbalance policy dm-qa-web_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 137 vlan 238
  class dm-qa-ivr_CLASS
    loadbalance vip inservice
    loadbalance policy dm-qa-ivr_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 138 vlan 238
  class dm-qa-socket_CLASS
    loadbalance vip inservice
    loadbalance policy dm-qa-socket_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 139 vlan 238
  class dp-qa-app_CLASS
    loadbalance vip inservice
    loadbalance policy dp-qa-app_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 140 vlan 238
  class dp-qa-web_CLASS
    loadbalance vip inservice
    loadbalance policy dp-qa-web_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 141 vlan 238
  class dp-qa-ivr_CLASS
    loadbalance vip inservice
    loadbalance policy dp-qa-ivr_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 142 vlan 238
  class dp-qa-socket_CLASS
    loadbalance vip inservice
    loadbalance policy dp-qa-socket_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 143 vlan 238
 
interface vlan 238
  ip address XXX.XXX.XXX.253 255.255.255.128
  alias XXX.XXX.XXX.252 255.255.255.128
  peer ip address XXX.XXX.XXX.254 255.255.255.128
  access-group input any
  nat-pool 134 XXX.XXX.XXX.134 XXX.XXX.XXX.134 netmask 255.255.255.255
  nat-pool 136 XXX.XXX.XXX.136 XXX.XXX.XXX.136 netmask 255.255.255.255
  nat-pool 137 XXX.XXX.XXX.137 XXX.XXX.XXX.137 netmask 255.255.255.255
  nat-pool 138 XXX.XXX.XXX.138 XXX.XXX.XXX.138 netmask 255.255.255.255
  nat-pool 139 XXX.XXX.XXX.139 XXX.XXX.XXX.139 netmask 255.255.255.255
  nat-pool 140 XXX.XXX.XXX.140 XXX.XXX.XXX.140 netmask 255.255.255.255
  nat-pool 141 XXX.XXX.XXX.141 XXX.XXX.XXX.141 netmask 255.255.255.255
  nat-pool 142 XXX.XXX.XXX.142 XXX.XXX.XXX.142 netmask 255.255.255.255
  nat-pool 143 XXX.XXX.XXX.143 XXX.XXX.XXX.143 netmask 255.255.255.255
  service-policy input POLICY
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
 
domain dm-qa
  add-object serverfarm dm-qa-app
  add-object serverfarm dm-qa-ivr
  add-object serverfarm dm-qa-socket
  add-object serverfarm dm-qa-web
  add-object rserver dm-qa-app25
  add-object rserver dm-qa-app26
  add-object rserver dm-qa-web21
  add-object rserver dm-qa-web22
domain recluse
  add-object serverfarm recluse
  add-object rserver recluse1
  add-object rserver recluse2
domain dp-qa
  add-object serverfarm dp-qa-app
  add-object serverfarm dp-qa-ivr
  add-object serverfarm dp-qa-socket
  add-object serverfarm dp-qa-web
  add-object rserver dp-qa-app85
  add-object rserver dp-qa-app86
  add-object rserver dp-qa-web81
  add-object rserver dp-qa-web82
 
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.129
 
 
 
 
 
 
Robert Teller
Washington Dental Service
Network Administrator 
(206) 528-2371
RTeller at DeltaDentalWa.com <mailto:RTeller at DeltaDentalWa.com> 
 

#########################################################
The information contained in this e-mail and subsequent attachments may be privileged, 
confidential and protected from disclosure.  This transmission is intended for the sole 
use of the individual and entity to whom it is addressed.  If you are not the intended 
recipient, any dissemination, distribution or copying is strictly prohibited.  If you 
think that you have received this message in error, please e-mail the sender at the above 
e-mail address.
#########################################################


More information about the cisco-nsp mailing list