[c-nsp] Ace Module Troubleshooting
Tony Varriale
tvarriale at comcast.net
Thu Aug 7 16:45:42 EDT 2008
A few questions...
Which port is this occuring on? 9090? 10000? or both?
Can you output "sh serverfarm recluse" and "sh probe TCP-9090_PROBE?
Is this a web app running on those ports?
tv
----- Original Message -----
From: "Teller, Robert" <RTeller at deltadentalwa.com>
To: <cisco-nsp at puck.nether.net>
Sent: Thursday, August 07, 2008 1:09 PM
Subject: Re: [c-nsp] Ace Module Troubleshooting
> For some reason the class map didn't show up right
>
> class-map match-all dm-qa-app_CLASS
> 2 match virtual-address XXX.XXX.XXX.136 tcp eq www
> class-map match-all dm-qa-ivr_CLASS
> 2 match virtual-address XXX.XXX.XXX.138 tcp eq 5002
> class-map match-all dm-qa-socket_CLASS
> 2 match virtual-address XXX.XXX.XXX.139 tcp eq 8003
> class-map match-all dm-qa-web_CLASS
> 2 match virtual-address XXX.XXX.XXX.137 tcp eq www
> class-map match-all dp-dev-app_CLASS
> 2 match virtual-address XXX.XXX.XXX.144 tcp eq www
> class-map match-all dp-dev-ivr_CLASS
> 2 match virtual-address XXX.XXX.XXX.146 tcp eq 5002
> class-map match-all dp-dev-socket_CLASS
> 2 match virtual-address XXX.XXX.XXX.147 tcp eq 8003
> class-map match-all dp-dev-web_CLASS
> 2 match virtual-address XXX.XXX.XXX.145 tcp eq www
> class-map match-all dp-qa-app_CLASS
> 2 match virtual-address XXX.XXX.XXX.140 tcp eq www
> class-map match-all dp-qa-ivr_CLASS
> 2 match virtual-address XXX.XXX.XXX.142 tcp eq 5002
> class-map match-all dp-qa-socket_CLASS
> 2 match virtual-address XXX.XXX.XXX.143 tcp eq 8003
> class-map match-all dp-qa-web_CLASS
> 2 match virtual-address XXX.XXX.XXX.141 tcp eq www
> class-map match-any recluse_CLASS
> 2 match virtual-address XXX.XXX.XXX.134 tcp eq 9090
> 3 match virtual-address XXX.XXX.XXX.134 tcp eq 10000
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Teller, Robert
> Sent: Thursday, August 07, 2008 10:54 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Ace Module Troubleshooting
>
> So i have a wierd issue going on with my ACE module. I am sure it is a
> configuration issue but since i am making it up as i go i can only do so
> much.
> I am able to browse to a load balanced website from one computer but if
> i try to browse to it from another computer the website is unavailable.
>
> the website is under the dp-qa domain.
>
> ------------------------------------------------------------------------
> ---------------
> logging console 6
> logging timestamp
>
>
>
>
> access-list any line 8 extended permit icmp any any access-list any line
> 16 extended permit ip any any
>
>
>
> probe tcp TCP-5002_PROBE
> port 5002
> interval 3
> passdetect interval 3
> probe tcp TCP-8003_PROBE
> port 8003
> interval 3
> passdetect interval 3
> probe http TCP-80_PROBE
> interval 5
> passdetect interval 5
> expect status 200 200
> hash
> connection term forced
> probe tcp TCP-9090_PROBE
> port 9090
> interval 5
> connection term forced
> probe http ciscotest_PROBE
> interval 5
> passdetect interval 5
> request method get url /ciscotest/
> expect status 200 200
> hash
> connection term forced
>
>
> rserver host dm-qa-app25
> ip address 172.22.237.23
> inservice
> rserver host dm-qa-app26
> ip address 172.22.237.25
> inservice
> rserver host dm-qa-web21
> ip address 172.22.237.19
> inservice
> rserver host dm-qa-web22
> ip address 172.22.237.21
> inservice
> rserver host dp-qa-app85
> ip address 172.22.237.24
> inservice
> rserver host dp-qa-app86
> ip address 172.22.237.26
> inservice
> rserver host dp-qa-web81
> ip address 172.22.237.20
> inservice
> rserver host dp-qa-web82
> ip address 172.22.237.22
> inservice
> rserver host recluse1
> ip address 172.22.228.88
> inservice
> rserver host recluse2
> ip address 172.22.228.89
> inservice
>
> serverfarm host dm-qa-app
> probe TCP-80_PROBE
> rserver dm-qa-app25
> inservice
> rserver dm-qa-app26
> inservice
> serverfarm host dm-qa-ivr
> probe TCP-5002_PROBE
> rserver dm-qa-web21
> inservice
> rserver dm-qa-web22
> inservice
> serverfarm host dm-qa-socket
> probe TCP-8003_PROBE
> rserver dm-qa-app25
> inservice
> rserver dm-qa-app26
> inservice
> serverfarm host dm-qa-web
> probe ciscotest_PROBE
> rserver dm-qa-web21
> inservice
> rserver dm-qa-web22
> inservice
> serverfarm host dp-qa-app
> probe TCP-80_PROBE
> rserver dp-qa-app85
> inservice
> rserver dp-qa-app86
> inservice
> serverfarm host dp-qa-ivr
> probe TCP-5002_PROBE
> rserver dp-qa-web81
> inservice
> rserver dp-qa-web82
> inservice
> serverfarm host dp-qa-socket
> probe TCP-8003_PROBE
> rserver dp-qa-app85
> inservice
> rserver dp-qa-app86
> inservice
> serverfarm host dp-qa-web
> probe ciscotest_PROBE
> rserver dp-qa-web81
> inservice
> rserver dp-qa-web82
> inservice
> serverfarm host recluse
> predictor leastconns
> probe TCP-9090_PROBE
> rserver recluse1
> inservice
> rserver recluse2
> inservice
>
> class-map type management match-any REMOTE_ACCESS
> 2 match protocol ssh any
> 3 match protocol telnet any
> 4 match protocol icmp any
> 5 match protocol snmp any
> 6 match protocol http any
> 7 match protocol https any
> class-map match-all dm-qa-app_CLASS
> 2 match virtual-address XXX.XXX.XXX.136 tcp eq www class-map match-all
> dm-qa-ivr_CLASS
> 2 match virtual-address XXX.XXX.XXX.138 tcp eq 5002 class-map
> match-all dm-qa-socket_CLASS
> 2 match virtual-address XXX.XXX.XXX.139 tcp eq 8003 class-map
> match-all dm-qa-web_CLASS
> 2 match virtual-address XXX.XXX.XXX.137 tcp eq www class-map match-all
> dp-qa-app_CLASS
> 2 match virtual-address XXX.XXX.XXX.140 tcp eq www class-map match-all
> dp-qa-ivr_CLASS
> 2 match virtual-address XXX.XXX.XXX.142 tcp eq 5002 class-map
> match-all dp-qa-socket_CLASS
> 2 match virtual-address XXX.XXX.XXX.143 tcp eq 8003 class-map
> match-all dp-qa-web_CLASS
> 2 match virtual-address XXX.XXX.XXX.141 tcp eq www class-map match-any
> recluse_CLASS
> 2 match virtual-address XXX.XXX.XXX.134 tcp eq 9090
> 3 match virtual-address XXX.XXX.XXX.134 tcp eq 10000
>
> policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
> class REMOTE_ACCESS
> permit
>
> policy-map type loadbalance first-match dm-qa-app_POLICY
> class class-default
> serverfarm dm-qa-app
> policy-map type loadbalance first-match dm-qa-ivr_POLICY
> class class-default
> serverfarm dm-qa-ivr
> policy-map type loadbalance first-match dm-qa-socket_POLICY
> class class-default
> serverfarm dm-qa-socket
> policy-map type loadbalance first-match dm-qa-web_POLICY
> class class-default
> serverfarm dm-qa-web
> policy-map type loadbalance first-match dp-qa-app_POLICY
> class class-default
> serverfarm dp-qa-app
> policy-map type loadbalance first-match dp-qa-ivr_POLICY
> class class-default
> serverfarm dp-qa-ivr
> policy-map type loadbalance first-match dp-qa-socket_POLICY
> class class-default
> serverfarm dp-qa-socket
> policy-map type loadbalance first-match dp-qa-web_POLICY
> class class-default
> serverfarm dp-qa-web
> policy-map type loadbalance first-match recluse_POLICY
> class class-default
> serverfarm recluse
>
> policy-map multi-match POLICY
> class recluse_CLASS
> loadbalance vip inservice
> loadbalance policy recluse_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 134 vlan 238
> class dm-qa-app_CLASS
> loadbalance vip inservice
> loadbalance policy dm-qa-app_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 136 vlan 238
> class dm-qa-web_CLASS
> loadbalance vip inservice
> loadbalance policy dm-qa-web_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 137 vlan 238
> class dm-qa-ivr_CLASS
> loadbalance vip inservice
> loadbalance policy dm-qa-ivr_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 138 vlan 238
> class dm-qa-socket_CLASS
> loadbalance vip inservice
> loadbalance policy dm-qa-socket_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 139 vlan 238
> class dp-qa-app_CLASS
> loadbalance vip inservice
> loadbalance policy dp-qa-app_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 140 vlan 238
> class dp-qa-web_CLASS
> loadbalance vip inservice
> loadbalance policy dp-qa-web_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 141 vlan 238
> class dp-qa-ivr_CLASS
> loadbalance vip inservice
> loadbalance policy dp-qa-ivr_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 142 vlan 238
> class dp-qa-socket_CLASS
> loadbalance vip inservice
> loadbalance policy dp-qa-socket_POLICY
> loadbalance vip icmp-reply active
> nat dynamic 143 vlan 238
>
> interface vlan 238
> ip address XXX.XXX.XXX.253 255.255.255.128
> alias XXX.XXX.XXX.252 255.255.255.128
> peer ip address XXX.XXX.XXX.254 255.255.255.128
> access-group input any
> nat-pool 134 XXX.XXX.XXX.134 XXX.XXX.XXX.134 netmask 255.255.255.255
> nat-pool 136 XXX.XXX.XXX.136 XXX.XXX.XXX.136 netmask 255.255.255.255
> nat-pool 137 XXX.XXX.XXX.137 XXX.XXX.XXX.137 netmask 255.255.255.255
> nat-pool 138 XXX.XXX.XXX.138 XXX.XXX.XXX.138 netmask 255.255.255.255
> nat-pool 139 XXX.XXX.XXX.139 XXX.XXX.XXX.139 netmask 255.255.255.255
> nat-pool 140 XXX.XXX.XXX.140 XXX.XXX.XXX.140 netmask 255.255.255.255
> nat-pool 141 XXX.XXX.XXX.141 XXX.XXX.XXX.141 netmask 255.255.255.255
> nat-pool 142 XXX.XXX.XXX.142 XXX.XXX.XXX.142 netmask 255.255.255.255
> nat-pool 143 XXX.XXX.XXX.143 XXX.XXX.XXX.143 netmask 255.255.255.255
> service-policy input POLICY
> service-policy input REMOTE_MGMT_ALLOW_POLICY
> no shutdown
>
> domain dm-qa
> add-object serverfarm dm-qa-app
> add-object serverfarm dm-qa-ivr
> add-object serverfarm dm-qa-socket
> add-object serverfarm dm-qa-web
> add-object rserver dm-qa-app25
> add-object rserver dm-qa-app26
> add-object rserver dm-qa-web21
> add-object rserver dm-qa-web22
> domain recluse
> add-object serverfarm recluse
> add-object rserver recluse1
> add-object rserver recluse2
> domain dp-qa
> add-object serverfarm dp-qa-app
> add-object serverfarm dp-qa-ivr
> add-object serverfarm dp-qa-socket
> add-object serverfarm dp-qa-web
> add-object rserver dp-qa-app85
> add-object rserver dp-qa-app86
> add-object rserver dp-qa-web81
> add-object rserver dp-qa-web82
>
> ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.129
>
>
>
>
>
>
> Robert Teller
> Washington Dental Service
> Network Administrator
> (206) 528-2371
> RTeller at DeltaDentalWa.com <mailto:RTeller at DeltaDentalWa.com>
>
>
> #########################################################
> The information contained in this e-mail and subsequent attachments may
> be privileged,
> confidential and protected from disclosure. This transmission is
> intended for the sole
> use of the individual and entity to whom it is addressed. If you are
> not the intended
> recipient, any dissemination, distribution or copying is strictly
> prohibited. If you
> think that you have received this message in error, please e-mail the
> sender at the above
> e-mail address.
> #########################################################
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list