Device Manager GUI Guide vA4(1.1), Cisco ACE 4700 Series Application Control Engine Appliance
Index
Downloads: This chapterpdf (PDF - 847.0KB) The complete bookPDF (PDF - 14.95MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W -

Index

A

acceleration

configuring 3-54

configuring globally on ACE 11-9

overview 11-2

traffic policies 11-2

typical configuration flow 11-2

access control, configuring on VLAN interfaces 8-13, 8-16

account password 1-5

accounts

see also users

user, managing 13-7

ACE

class map

match conditions 10-9

parameter maps 6-1

policy map

configuring 10-33

rules and actions 10-35

traffic policies 10-2

ACE appliance

licenses

configuration 2-32

importing 2-28

managing 2-27

removing 2-31

statistics 2-32

updating 2-30

viewing 2-28

parameter maps 6-1

policy maps 10-33

traffic policies 10-2

ACE Appliance Device Manager

button descriptions

in monitor screens 1-15

in tables 1-10

icon descriptions

in monitor screens 1-15

in tables 1-10

inoperative GUI, verifying 14-10

logging in 1-3

overview 1-5

password, changing 1-5

reloading 14-10

table

buttons 1-15

conventions 1-11

customizing 1-13

icons 1-15

terminology 1-19

verifying GUI operational status 14-10

ACE appliance server

configuring attributes 13-36

polling, enabling 13-36

statistics 13-35

ACL

configuration overview 2-51

configuring

EtherType attributes 2-58

extended ACL attributes 2-54

for VLANs 8-13, 8-16

object groups 2-61

definition GL-1

deleting 2-60

objects

ICMP service parameters 2-66

IP addresses 2-62

protocols 2-63

subnet objects 2-62

TCP/UDP service parameters 2-64

resequencing 2-58

viewing by context 2-60

ACL object group

configuring 2-61

network objects

IP addresses 2-62

subnet objects 2-62

service objects

ICMP service parameters 2-66

protocols 2-63

TCP/UDP service parameters 2-64

action, setting for policy maps 10-35

action list

application acceleration, configuring 11-3

configuration overview 10-80

header insertion, rewrite, and deletion 10-81

HTTP header modify, configuring 10-80

optimization configuration options 3-56, 11-4

SSL header insert 10-86

SSL URL rewrite 10-84

activate

definition GL-1

real servers 4-8

virtual servers 3-60

adding

domain objects 13-35

domains 13-33

new users 13-8

resource classes 2-36

roles 13-28

SSL

parameter map cipher info 7-21

admin

changing passwords 13-13

logging in for the first time 1-4

menu options 13-2

Admin context, first virtual context 2-2

administrative distance, definition GL-1

Admin user, add to context 2-6

advanced editing mode 1-13

AES, definition GL-1

all-match policy map 10-33

All Virtual Contexts table 2-73

application acceleration

configuring 3-54

configuring globally on ACE 11-9

monitoring 12-7

overview 11-2

traffic policies 11-2

typical configuration flow 11-2

application protocol inspection

ILS 10-7

limitations 10-6

NAT and PAT support 10-6

SCCP 10-7

SIP 10-7

standards 10-6

supported protocols 10-6

archive

directory structure and filenames 2-44

naming convention of context files 2-43

overview of configuration 2-43

ARP

configuring static ARP 8-17

definition GL-1

attributes

BVI interfaces 8-20

DNS probes 4-37

Echo-TCP probes 4-37

Finger probes 4-38

for sticky group types 5-10

FTP probes 4-39

health monitoring 4-33

high availability 9-8

HTTP content sticky group 5-11

HTTP cookie sticky group 5-12

HTTP header sticky group 5-12

HTTP parameter maps 6-8

HTTP probes 4-39

HTTPS probes 4-41

IMAP probes 4-43

IP netmask sticky group 5-13

Layer 3/Layer 4 management class map match conditions 10-14

Layer 4 payload sticky group 5-13

parameter map

connection 6-2

DNS 6-23

generic 6-7

optimization 6-11

RTSP 6-18

SIP 6-19

Skinny 6-21

POP probes 4-44

predictor method 3-42, 4-21

RADIUS

sticky groups 5-14

RADIUS probes 4-45

real servers 4-5

resource classes 2-34

RTSP

header sticky groups 5-14

probes 4-46

scripted probes 4-47

server farms 3-35, 4-12

SIP-TCP probes 4-48

SIP-UDP probes 4-49

SMTP probes 4-50

SNMP 2-19

SNMP probes 4-50

SSL

certificate bulk import 7-10

certificate export 7-17

certificate import 7-9

key export 7-18

key pair bulk import 7-14

key pair import 7-13

parameter map cipher info 7-21

SSL initiation

for virtual servers 3-50

SSL termination

for virtual servers 3-18

sticky group 5-8

TCP probes 4-51

Telnet probes 4-52

UDP probes 4-53

virtual contexts 2-10

virtual servers 3-8

VLAN interfaces 8-8

audience, intended iii-xiii

auth group certificate, configuring for SSL 7-30

auto-synchronization of contexts 2-68

B

backup

archive directory structure and filenames 2-44

configuring device configuration 2-46

defaults 2-45

guidelines and limitations of 2-44

overview of configuration 2-43

bandwidth optimization, configuring 3-55

bulk import

SSL certificate attributes 7-10

SSL key pair attributes 7-14

button descriptions

common buttons 1-8

in monitor screens 1-15

in tables 1-10

BVI, definition GL-1

BVI interfaces

attributes 8-20

configuring 8-19

secondary IP groups for 8-20

viewing by context 8-21

C

caution, when allocating resources 2-36

certificate

exporting for SSL 7-16

importing for SSL 7-8

overview of SSL 7-6

certificate chain, definition GL-1

certificate signing request (CSR), definition GL-2

chain group certificate, configuring for SSL 7-24

chain group parameters, configuring for SSL 7-24

changeto command 13-15

changing

account password 1-5

admin password 13-13

login password 1-5

role rules 13-31

user passwords 13-13

checkpoint, configuration

creating 2-40

deleting 2-41

displaying 2-42

rolling back to 2-42

Cisco

security guidelines iii-xvii

What's New iii-xvii

class map

ACE device support 10-9

configuring 10-8

definition GL-2

deleting 10-8, 10-10

match conditions

for deep packet inspection 10-24

for FTP command inspection 10-29

for Layer 7 load balancing 10-15

for management traffic 10-13

for network traffic 10-11

generic server load balancing 10-18

Layer 7 SIP deep packet inspection 10-30

RADIUS server load balancing 10-19

RTSP server load balancing 10-20

SIP server load balancing 10-22

match types 10-11, 10-13, 10-15, 10-24, 10-29

overview 3-1, 4-1, 10-2, 10-3

setting match conditions 10-10

use with real servers 4-3

virtual-address match type attributes 10-11

command inspection class maps, setting match conditions 10-29

configuration

auto-synchronizing 2-68

backup of 2-46

CLI synchronization status 2-69

high-level flow 1-17

overview 1-17

restore of 2-49

synchronizing

for high availability 9-7

virtual context 2-68

task overview 1-17

viewing status 2-69

configuration attributes

extended ACL 2-55

health monitoring 4-33

high availability 9-8

HTTP return code maps 4-28

parameter map

connection 6-2

DNS 6-23

generic 6-7

HTTP 6-8

optimization 6-11

RTSP 6-18

SIP 6-19

Skinny 6-21

predictor method 3-42, 4-21

probe

DNS 4-37

Echo-TCP 4-37

Finger 4-38

FTP 4-39

HTTP 4-39

HTTPS 4-41

IMAP 4-43

POP 4-44

RADIUS 4-45

RTSP 4-46

scripted 4-47

SIP-TCP 4-48

SIP-UDP 4-49

SMTP 4-50

SNMP 4-50

TCP 4-51

Telnet 4-52

UDP 4-53

real server 4-5

server farm 3-35, 4-12

SNMP users 2-21

SSL initiation 3-50

SSL termination 3-18

sticky group 5-8

sticky type 3-47

syslog 2-13

virtual context system options 2-10

virtual server 3-8

configuration checkpoint and rollback service

creating configuration checkpoint 2-40

deleting configuration checkpoint 2-41

displaying checkpoint information 2-42

overview 2-40

rolling back configuration 2-42

configuration synchronization for redundancy 9-5

configuring

acceleration 3-54

ACLs 2-52, 8-13, 8-16

EtherType 2-58

extended 2-54

object groups 2-61

resequencing 2-58

action lists for application acceleration 11-3

action lists for HTTP header modify 10-80

bandwidth optimization 3-55

BVI interfaces 8-19

class map match conditions

generic server load balancing 10-18

Layer 7 SIP deep packet inspection 10-30

RADIUS server load balancing 10-19

RTSP server load balancing 10-20

SIP server load balancing 10-22

class maps 10-8, 10-11

DHCP relay 8-13, 8-19

DNS probe expect address 4-53

gigabit Ethernet interfaces 8-4

health monitoring general attributes 4-33

high availability

groups 9-11, 9-13

host tracking 9-18

interface tracking 9-17

peer host probes 9-20

peers 9-8

synchronization 9-5

tracking and failure detection 9-16

host probes for high availability 9-19

HTTP probe headers 4-54

HTTP retcode maps 4-27

HTTPS probe headers 4-54

latency optimization 3-55

Layer 7 default load balancing 3-51

load balancing

for real servers 4-4

for server farms 4-11

on virtual servers 3-29

sticky groups 5-7

management VLAN 2-2

NAT 3-58, 8-17

object groups

ICMP service parameters 2-66

IP addresses 2-62

protocols 2-63

subnet objects 2-62

TCP/UDP service parameters 2-64

OID for SNMP probes 4-56

optimization 3-54

action lists 3-56

traffic policies 11-6

parameter maps

connection 6-2

DNS 6-22

generic 6-7

HTTP 6-8

optimization 6-11, 11-6

RTSP 6-18

SIP 6-19

Skinny 6-21

PAT 8-17

policy map rules and actions 10-35

generic server load balancing 10-50

Layer 3/Layer 4 management traffic policy maps 10-42

Layer 3/Layer 4 network traffic policy maps 10-36

Layer 7 deep packet inspection policy maps 10-63

Layer 7 FTP command inspection policy maps 10-69

Layer 7 HTTP optimization policy maps 10-76

Layer 7 server load-balancing traffic policy maps 10-43

Layer 7 SIP deep packet inspection 10-72

Layer 7 Skinny deep packet inspection 10-74

RADIUS server load balancing 10-53

RDP server load balancing 10-61

RTSP server load balancing 10-55

SIP server load balancing 10-58

port channel interfaces 8-2

probe expect status 4-55

protocol inspection 3-19

real servers 4-9

resource classes 2-36

server farm predictor method 4-20

shared objects 3-10

SNMP 2-19

communities 2-20

notification 2-25

on virtual contexts 2-19

trap destination hosts 2-23

users 2-21

SSL

chain group parameters 7-24

CSR parameters 7-25

for virtual servers 3-17

parameter map 7-19

parameter map cipher attributes 7-21

proxy service 7-27

static ARP for VLANs 8-17

static routes 8-22

sticky groups 3-47, 5-7

sticky statics 5-15

switch mode 2-6

syslog

logging 2-12

log hosts 2-16

log messages 2-17

log rate limits 2-18

traffic policies 10-1

virtual context 2-1, 2-2, 2-7, 2-72

expert options 2-68

global policies 2-26

policy maps 10-33

primary attributes 2-11

system attributes 2-10

virtual server

configuration overview 3-2

default Layer 7 load balancing 3-51

Layer 7 load balancing 3-29

NAT 3-58

properties 3-11

protocol inspection 3-19

shared objects 3-9

SSL termination service 3-17

VLAN

interface access control 8-13, 8-16

interface options 8-14

interface policy maps 8-13, 8-15

interfaces 8-8

connection parameter map

attributes 6-2

configuring 6-2

TCP options 6-6

using 6-1

contact information, SNMP 2-19

context

archive naming convention for archive 2-43

auto-synchronization of CLI configuration changes 2-68

CLI synchronization state 2-69

configuration options 2-8

configuring 2-7

BVI interfaces 8-19

global policies 2-26

load balancing 3-1

primary attributes 2-11

static routes 8-22

virtual servers 3-1

VLAN interfaces 8-8

creating 2-2

definition GL-6

deleting 2-73

editing 2-72

modifying 2-72

synchronizing configurations, automatic 2-68

synchronizing configurations, manual 2-71

viewing all 2-73

control 8-13

controlling access to CiscoACE appliance 13-3

conventions

in ACE Appliance Device Manager, table 1-11

in this guide iii-xvi

radio buttons, dropdown lists 2-7

cookie

client 5-3

sticky client identification 5-3

copying

ACE licenses 2-28

CPU

monitoring 12-6, 12-7

monitoring ACE usage of 13-36

creating

ACLs 2-52

diagnostic packages 14-1

domains 13-33

user accounts 13-8

user roles 13-28

virtual contexts 2-2

CSR

configuring parameters 7-25

definition GL-2

generating for SSL 7-26

D

Data Encryption Standard (DES), definition GL-2

deep packet inspection

class maps 10-24

policy map options 10-40

SIP

class map match conditions 10-30

policy map rules and actions 10-72

Skinny policy map rules and actions 10-74

default user 13-5

deleting

ACLs 2-60

active users 13-11

class map in use 10-8

domain objects 13-35

domains 13-34

files off the ACE 14-8

high availability groups 9-15

host probes for high availability 9-20

Lifeline packages 14-4

peer host probes 9-21

resource classes 2-38

role rules 13-31

SSL objects 7-2

user accounts 13-10

user roles 13-30

virtual contexts 2-73

DES, definition GL-2

device

using ping 12-14

device management, monitoring 13-2

DFP, definition GL-2

DHCP relay, configuring 8-13, 8-19

diagnostic tools

file browser 14-6

disk usage, monitoring ACE 13-36

displaying

current user sessions 13-11

list of users 13-8

network domains 13-32

user roles 13-27

users who have a selected role 13-28

distinguished name, definition GL-2

DNS

application protocol support 10-6

configuring protocol inspection 3-19

parameter map

attributes 6-23

configuring 6-22

DNS probe

attributes 4-37

expect address 4-53

document

intended audience iii-xiii

organization iii-xiii

documentation

obtaining iii-xvii

related iii-xiv

domains

attributes 13-33

creating 13-33

deleting 13-34

displaying 13-32

editing 13-34

guidelines 13-31

managing 13-31

understanding 13-7

downloading, files to ACE 14-7

Dynamic Feedback Protocol (DFP), definition GL-2

E

Echo-TCP probe attributes 4-37

e-commerce

applications, sticky requirements 5-1

using stickiness 5-4

editing

domains 13-34

role rules 13-31

user account info 13-10

user roles 13-30

encryption, password 13-9

error

monitoring, list of polling messages 12-2

Ethernet interfaces, configuring 8-4

EtherType ACL, configuring 2-58

event, definition GL-2

event type, definition GL-2

exception, definition GL-2

expert options for virtual contexts 2-68

exporting

SSL

certificates 7-16

key pair 7-18

extended ACL

configuration options 2-55

resequencing entries 2-58

F

fail action

real server in a server farm 3-35, 4-12

reassign 3-36, 4-13

failover 9-3

fault, definition GL-2

fault tolerance

groups 9-2

task overview 9-6

file browser

deleting files 14-8

downloading files 14-7

renaming files 14-8

tasks 14-6

uploading files 14-7

viewing files 14-9

File Transfer Protocol (FTP), definition GL-2

filtering tables 1-12

Finger probe attributes 4-38

first-match policy map 10-33

forcing logouts 13-12

FTP

application protocol support 10-6

configuring protocol inspection 3-20

definition GL-2

FTP command inspection class map match conditions 10-29

FTP probe attributes 4-39

FTP strict, and RFP standards 10-69

FT VLAN 9-4

G

gateway, default 2-3

generic parameter map

attributes 6-7

configuring 6-7

generic server load balancing

class map match conditions 10-18

policy map rules and actions 10-50

getting started

flowchart 1-17

task overview 1-17

global acceleration and optimization 11-9

global policies, configuring for virtual contexts 2-26

GMT 1-15, 12-3

graph

icons for 1-15

maximum number of statistics 1-15

viewing results 1-15

graphs

using GMT 1-15

value delta per time 12-3

guidelines

Lifeline 14-2

guidelines for managing

domains 13-31

user accounts 13-8

user roles 13-14

H

hash load-balancing methods

address 4-2

cookie 4-2

header 4-2

url 4-2

header

insertion 10-44

rewrite 10-44

header insertion

configuring HTTP 10-81

HTTP 10-81

SSL 10-86

health monitoring

configuring 4-30

for real servers 4-31

general attributes 4-33

inband 3-38, 4-14

overview 4-29

probe types 4-32

TCL scripts 4-30

heartbeat packets 9-3

high availability

clearing

links between ACE appliances 9-10

pairs 9-10

configuration attributes 9-8

configuring

groups 9-11

host probes 9-19

host tracking process 9-18

interface tracking process 9-17

overview 9-2

peer host probes 9-20

peers 9-8

deleting

groups 9-15

host probes 9-20

peer host probes 9-21

failover detection 9-16

importance of synchronizing configurations 9-7

modifying groups 9-13

protocol 9-2

switching over a group 9-15

task overview 9-6

tracking status 9-16

Hot Standby Router Protocol (HSRP), definition GL-3

HSRP, definition GL-3

HTTP

application protocol support 10-6

configuring

parameter maps 6-8

retcode maps 4-27

content

sticky group attributes 5-11

sticky type 5-3

cookie

sticky group attributes 5-12

sticky type 5-3

header

sticky client identification 5-4

sticky group attributes 5-12

sticky type 5-4

parameter map attributes 6-8

parameter maps 6-1, 6-8

probe

return code map configuration options 4-28

probe attributes 4-39

HTTP compression, enabling 3-49, 3-52

HTTP deep packet inspection class map match conditions 10-24

HTTP header

configuring 10-81

deletion 10-81

insertion 10-44, 10-81

rewrite 10-44, 10-81

HTTP optimization action list, configuring 11-3

HTTP optimization policy map rules 10-77

HTTP probe, configuring headers 4-54

HTTP protocol inspection

class map match conditions 10-25

conditions and options 3-22

policy map rules 10-64

HTTPS probe

attributes 4-41

configuring headers 4-54

HTTPS protocol inspection conditions and options 3-22

I

ICMP

application protocol support 10-6, 10-7

definition GL-3

ICMP service parameters, for object groups 2-66

icon descriptions

in monitor screens 1-15

in tables 1-10

IETF trap

SNMP 2-19

ILS inspection 10-7

IMAP probe attributes 4-43

importing

ACE licenses 2-28

SSL

certificates 7-8

key pair 7-12

inband health monitoring 3-38, 4-14

connection failure count 3-38, 4-14

reset timeout 3-38, 4-15

resume service 3-39, 4-15

installing ACE appliance licenses 2-28

intended audience of this document iii-xiii

interface

ACE Appliance Device Manager 1-5

definition GL-3

gigabit Ethernet, configuring 8-4

monitoring 12-8

VLAN options, configuring 8-14

Internet Control Message Protocol (ICMP), definition GL-3

IP addresses, for object groups 2-62

IP netmask

for sticky client identification 5-4

sticky group attributes 5-13

sticky type 5-4

K

KAL-AP

configuring secure 4-57

primary server farm out of service 3-14, 10-38

key pair

exporting for SSL 7-18

generating 7-15

importing for SSL 7-12

SSL 7-11

L

latency optimization, configuring 3-55

Layer 3/Layer 4

management traffic

class map match conditions 10-13

policy map rules and actions 10-42

network traffic class maps, setting match conditions 10-11

network traffic policy maps

setting rules and actions 10-36

Layer 4 payload

sticky group attributes 5-13

sticky type 5-4

Layer 7

configuring load balancing for HTTP/HTTPS 3-29

default load balancing on virtual servers 3-51

FTP command inspection class maps, setting match conditions 10-29

FTP command inspection policy maps, setting rules and actions 10-69

HTTP deep packet inspection class maps, setting match conditions 10-24

HTTP deep packet inspection policy maps, setting rules and actions 10-63

HTTP optimization policy maps, setting rules and actions 10-76

load balancing

rule types 3-30

setting match conditions 3-29

load-balancing class maps, setting match conditions 10-15

load-balancing policy maps, setting rules and actions 10-43

SIP deep packet inspection

class map match conditions 10-30

policy map rules and actions 10-72

Skinny deep packet inspection policy map rules and actions 10-74

SLB policy actions

HTTP header insertion 10-44

least bandwidth, load-balancing method 4-3

leastconns, load-balancing method 4-3

least loaded, load-balancing method 4-3

licenses

importing 2-28

installing 2-28

managing for ACE appliances 2-27

removing 2-31

updating 2-30

viewing information about 2-32

Lifeline

creating a package from the CLI 14-5

creating a package from the DM GUI 14-3

deleting packages 14-4

downloading a package 14-3

guidelines for use 14-2

maximum packages 14-2

load balancing

configuration overview 3-1

configuring

for real servers 4-4

for server farms 4-11

on virtual servers 3-29

real servers 4-1

server farms 4-1

sticky groups 5-7

with virtual servers 3-2

definition GL-3

hash address 4-2

hash cookie 4-2

hash header 4-2

hash secondary cookie 4-2

hash url 4-2

Layer 7 3-29

least bandwidth 4-3

leastconns 4-3

least loaded 4-3

monitoring 12-5

predictors 4-2

response 4-3

roundrobin 4-3

load-balancing class maps

Layer 7 10-15

setting match conditions 10-15

location, SNMP 2-19

logging

SIP packets syslog 6-19

syslog levels 2-12

logging into ACE Appliance Device Manager 1-3

M

Management Information Base (MIB), definition GL-3

management VLAN, adding 2-2

managing

domains 13-31

real servers 4-7

resource classes 2-33

user accounts 13-7

user roles 13-13

virtual contexts 2-68

virtual servers 3-59

match condition

class map

generic server load balancing 10-18

Layer 7 SIP deep packet inspection 10-30

RADIUS server load balancing 10-19

RTSP server load balancing 10-20

setting for 10-10

SIP server load balancing 10-22

match conditions

configuring for class maps 10-11

for Layer 7 load balancing 3-29

for optimization 3-56

for optimization policy maps 10-77

HTTP optimization 10-77

HTTP protocol inspection 10-25, 10-64

Layer 7 load-balancing class maps 10-15

Layer 7 load-balancing traffic policy maps 10-44

network management class maps 10-13

MD5, definition GL-3

memory usage, monitoring ACE 13-36

menus, understanding 1-7

Message Digest 5 (MD5), definition GL-3

MIB, definition GL-3

MIME types, supported 6-23

modifying

domains 13-34

high availability groups 9-13

real servers 4-9

resource classes 2-37

user accounts 13-10

user roles 13-30

virtual contexts 2-72

monitoring

buttons used in graphs 1-15

CPU statistics 12-7

CPU statistics for single virtual context 12-6

interfaces 12-8

load balancing 12-5

prerequisites 12-2

probes 12-11

real servers 12-8

statistics 13-35

viewing results, description 1-15

multi-match policy map 10-33

N

Name Address Translation

configuring 8-17

definition GL-3

NAT

application protocol inspection support 10-6

configuring 8-17

configuring on virtual servers 3-58

definition GL-3

network management traffic

class map match conditions 10-13

policy maps, configuring rules and actions 10-42

network object group

configuring 2-61

IP addresses 2-62

subnet objects 2-62

O

object

configuring for virtual servers 3-9

definition GL-4

object group

configuring 2-61

ICMP service parameters 2-66

IP addresses 2-62

protocols 2-63

subnet objects 2-62

TCP/UDP service parameters 2-64

obtaining

documentation iii-xvii

support iii-xvii

operational states of real servers 4-10

operations privileges 13-6

optimization

configuration overview 11-6

configuring 3-54

action lists 3-56

globally on ACE 11-9

match conditions 3-56

parameter maps 6-11, 11-6

policy map rules and actions 10-76

traffic policies 11-6

functionality overview 11-2

match condition types 10-77

match criteria 3-56

overview 11-2

parameter maps 6-1

traffic policies 11-2

typical configuration flow 11-2

optimization parameter map attributes 6-11

organization of this document iii-xiii

overview

ACL configuration 2-51

admin functions 13-1

application acceleration 11-2

class map 10-2

configuration 1-17

configuration tasks 1-17

load-balancing predictors 4-2

optimization 11-2

optimization traffic policies 11-6

parameter maps 6-1

policy map 10-2

protocol inspection 10-5

real server 4-3

resource classes 2-33

server farm 4-3, 4-4

server health monitoring 4-29

SSL 7-1

stickiness 5-1

sticky table 5-6

traffic policies 10-1

using SSL keys and certificates 7-4

virtual contexts 2-2

P

parameter expander functions 6-16

parameter map

ACE device support 6-1

attributes

connection 6-2

DNS 6-23

generic 6-7

HTTP 6-8

optimization 6-11

RTSP 6-18

SIP 6-19

Skinny 6-21

configuring

connection 6-2

DNS 6-22

for SSL 7-19

generic 6-7

HTTP 6-8

optimization 6-11, 11-6

RTSP 6-18

SIP 6-19

Skinny 6-21

SSL cipher 7-21

overview 6-1

types of 6-1

using with

policy maps 6-1

using with Layer 3/Layer 4 policy maps 6-1, 10-5

viewing list of 6-25

parameter map redirect, configuring for SSL 7-21

parent rows, in screens and tables 1-11

password, encrypting user 13-9

passwords, changing

account 1-5

admin 13-13

in login screen 1-5

PAT

configuring 8-17

definition GL-4

peers, high availability 9-8

PEM, definition GL-4

ping

definition GL-4

testing 12-14

PKCS, definition GL-4

policy map 10-35

all-match 10-33

associating with VLAN interface 8-13

configuring

in virtual contexts 10-33

on VLAN interfaces 8-15

deep packet inspection options 10-40

first-match 10-33

Layer 3/Layer 4

management traffic, setting rules and actions 10-42

network traffic, setting rules and actions 10-36

Layer 7

FTP command inspection, setting rules and actions 10-69

HTTP deep packet inspection, setting rules and actions 10-63

HTTP optimization, setting rules and actions 10-76

Layer 7 load-balancing traffic

configuring rules and actions 10-43

match condition types 10-44

multi-match 10-33

overview 3-1, 4-1, 10-2, 10-4

rule and action topic reference 10-35

rules and actions

generic server load balancing 10-50

Layer 7 SIP deep packet inspection 10-72

Layer 7 Skinny deep packet inspection 10-74

RADIUS server load balancing 10-53

RDP server load balancing 10-61

RTSP server load balancing 10-55

SIP server load balancing 10-58

setting rules and actions 10-35

polling

enabling 13-36

error states 12-2

failed 12-2

not polled error 12-3

timed out 12-2

troubleshooting 12-5

unknown error 12-3

POP probe attributes 4-44

port

definition GL-4

number, configuring for probes 4-34

Port Address Translation

configuring 8-17

definition GL-4

port channel interfaces

attributes 8-3

configuring 8-2

predictor

hash address 4-2

hash cookie 4-2

hash header 4-2

hash secondary cookie 4-2

hash url 4-2

least bandwidth 4-3

leastconns 4-3

least loaded 4-3

response 4-3

roundrobin 4-3

predictor method

attributes 3-42, 4-21

configuring for server farms 4-20

prerequisites, monitoring 12-2

primary attributes for virtual contexts 2-11

privileges, understanding 13-6

probe

attribute tables 4-36

configuring expect status 4-55

configuring for health monitoring 4-31

configuring SNMP OIDs 4-56

DNS 4-37

Echo-TCP 4-37

Finger 4-38

FTP 4-39

HTTP 4-39

HTTPS 4-41

IMAP 4-43

monitoring 12-11

POP 4-44

port number 4-34

RADIUS 4-45

RTSP 4-46

scripted 4-47

scripting using TCL 4-30

SIP-TCP 4-48

SIP-UDP 4-49

SMTP 4-50

SNMP 4-50

TCP 4-51

Telnet 4-52

types for real server monitoring 4-32

UDP 4-53

process, for traffic classification 10-2

process uptime, monitoring ACE 13-36

protocol inspection

configuring for virtual servers 3-19

configuring match criteria 3-20

HTTP/HTTPS conditions and options 3-22

overview 10-5

SIP conditions and options 3-26

protocol names and numbers 2-57

protocols for object groups 2-63

proxy service, configuring for SSL 7-27

R

RADIUS

probe attributes 4-45

server load balancing

class map match conditions 10-19

policy map rules and actions 10-53

sticky group attributes 5-14

sticky type 5-5

RBAC, definition GL-4

RDP server load balancing policy map rules and actions 10-61

real server

activating 4-8

adding to server farm 4-17

check health 12-11

configuration attributes 4-5

configuring load balancing 4-1, 4-4

definition GL-4

health monitoring 4-29, 4-31

modifying 4-9

monitoring 12-8

operational states 4-10

overview 4-3

suspending 4-8

viewing all 4-10

Real Time Streaming Protocol (RTSP), definition GL-5

redundancy

configuration requirements 9-5

configuration synchronization 9-5

definition GL-5

FT VLAN 9-4

protocol 9-2

task overview 9-6

reloading the Device Manager GUI 14-10

removing

ACE appliance licenses 2-31

domains 13-34

rules from roles 13-31

renaming files on ACE 14-8

resource

allocation constraints 2-34

list of 12-13

viewing usage 12-12

resource class

adding 2-36

allocation constraints 2-34

attributes 2-34

configuring 2-36

definition GL-5

deleting 2-38

managing 2-33

modifying 2-37

overview 2-33

viewing use by contexts 2-39

response load-balancing method 4-3

restore

configuring device configuration 2-49

defaults 2-45

guidelines and limitations of 2-44

overview of configuration 2-43

rewrite

HTTP header 10-81

SSL URL 10-84

role

definition GL-6

deleting 13-30

editing 13-30

options 13-9

understanding 13-5

role-based access control

containment overview 13-4

definition GL-4

users 13-7

roundrobin, load-balancing predictor 4-3

RSA, definition GL-5

RTSP

application protocol support 10-7

definition GL-5

header

sticky group attributes 5-14

sticky type 5-5

parameter map

attributes 6-18

configuring 6-18

probe attributes 4-46

server load balancing

class map match conditions 10-20

policy map rules and actions 10-55

rules

changing 13-31

setting for policy maps 10-35

S

SCCP inspection 10-7

screens, understanding 1-7

scripted probe

attributes 4-47

overview 4-30

secondary IP groups

BVI interfaces 8-20

VLAN interfaces 8-10

secure KAL-AP 4-57

security guidelines, Cisco iii-xvii

server

activating

real 4-8

virtual 3-60

managing 4-7

state 12-8

suspending

real 4-8

virtual 3-60

server farm

adding real servers 4-17

configuration attributes 3-35, 4-12

configuring

HTTP return error-code checking 4-27

load balancing 4-1, 4-11

predictor method 4-20

definition GL-5

fail action for real server in 3-35, 4-12

fail action reassign across VLANs 3-36, 4-13

health monitoring 4-29

inband health monitoring 3-38, 4-14

overview 4-3, 4-4

predictor method attributes 3-42, 4-21

primary out of service to GSS 3-14, 10-38

sticky enabled on backup 5-9

viewing list of 4-29

Server Load Balancer (SLB), definition GL-5

server load balancing

generic class map match conditions 10-18

generic policy map rules and actions 10-50

RADIUS class map match conditions 10-19

RADIUS policy map rules and actions 10-53

RDP policy map rules and actions 10-61

RTSP class map match conditions 10-20

RTSP policy map rules and actions 10-55

SIP class map match conditions 10-22

SIP policy map rules and actions 10-58

service, definition GL-5

service object group

configuring 2-61

ICMP service parameters 2-66

protocols 2-63

TCP/UDP service parameters 2-64

setup sequence for SSL 7-5

shared object

configuring 3-10

configuring for virtual servers 3-9

when deleting virtual servers 3-10

Simple Message Transfer Protocol (SMTP), definition GL-5

SIP

configuring protocol inspection 3-26

deep packet inspection

class map match conditions 10-30

policy map rules and actions 10-72

header sticky type 5-5

logging packets in the syslog 6-19

parameter map

attributes 6-19

configuring 6-19

protocol inspection conditions and options 3-26

server load balancing

class map match conditions 10-22

policy map rules and actions 10-58

SIP inspection 10-7

SIP-TCP probe attributes 4-48

SIP-UDP probe attributes 4-49

Skinny

deep packet inspection policy map rules and actions 10-74

parameter map

attributes 6-21

configuring 6-21

SLB, definition GL-5

SMTP

definition GL-5

probe attributes 4-50

SNMP

configuration attributes 2-19

configuring

communities 2-20

notification 2-25

trap destination hosts 2-23

users 2-21

contact information 2-19

credentials missing 12-2

IETF trap 2-19

location 2-19

probe attributes 4-50

protocol and monitoring 12-2

setting up for monitoring 12-2

trap destination host configuration 2-23

trap source interface 2-19

unmask community 2-19

user configuration attributes 2-21

special characters for matching string expressions 10-79

special configuration file, definition GL-5

SSL

certificate

bulk importing attributes 7-10

exporting attributes 7-17

ignore authentication failure errors 7-20

importing attributes 7-9

overview 7-4

redirect authentication failure 7-21

using 7-6

configuring

auth group certificates 7-30

chain group certificates 7-24

chain group parameters 7-24

CSR parameters 7-25

for virtual servers 3-17

parameter map 7-19

parameter map cipher attributes 7-21

parameter map redirect attributes 7-21

proxy service 7-27

editing parameter map cipher info 7-21

exporting

certificates 7-16

key pairs 7-18

keys 7-18

generating

CSR 7-26

key pair 7-15

header insertion, configuring 10-85

importing

certificates 7-8

key pairs 7-12

key pair

bulk importing attributes 7-14

exporting 7-18

generating 7-15

importing 7-12

importing attributes 7-13

overview 7-4

using 7-11

load balancing on SSL cipher or cipher strength 3-32, 10-46

objects, deleting 7-2

overview 7-1

parameter map cipher table 7-21

procedure overview 7-4

sample certificate and key pair 7-7

setup sequence 7-5

URL rewrite, configuring 10-83

SSL certificate, using 7-6

SSL header insertion, configuring 10-85

SSL key, using 7-11

SSL setup sequence, using 7-5

static ARP, configuring 8-17

static route

configuring 8-22

viewing by context 8-23

statistics

ACE 13-35

collection 12-10, 13-35

monitoring 13-35

viewing ACE 13-35

status for the ACE appliance 13-35

stickiness

cookie-based 5-3

HTTP content 5-3

HTTP cookie 5-3

HTTP header 5-4

IP netmask 5-4

Layer 4 payload 5-4

overview 5-1

RADIUS 5-5

RTSP header 5-5

SIP header 5-5

sticky group 5-5

sticky table 5-6

types 5-2

sticky

cookies for client identification 5-3

definition GL-6

e-commerce application requirements 5-1

enabled on backup server farm 5-9

groups 5-5

HTTP header for client identification 5-4

IP netmask for client identification 5-4

overview 5-2

table 5-6

types 5-2

sticky group

attributes

HTTP content 5-11

HTTP cookie 5-12

HTTP header 5-12

IP netmask 5-13

Layer 4 payload 5-13

RADIUS 5-14

RTSP header 5-14

configuration attributes 3-47, 5-8

configuring load balancing 5-7

configuring sticky statics 5-15

overview 5-5

type-specific attributes 5-10

viewing 5-15

sticky statics, configuring for sticky groups 5-15

sticky table overview 5-6

sticky type

HTTP content 5-3

HTTP cookie 5-3

HTTP header 5-4

IP netmask 5-4

Layer 4 payload 5-4

RADIUS 5-5

RTSP header 5-5

SIP header 5-5

stopping active user sessions 13-12

subnet objects, for object groups 2-62

support

obtaining iii-xvii

See Lifeline 14-3, 14-5

suspend

definition GL-6

real servers 4-8

virtual servers 3-60

switch mode, configuring 2-6

switchover 9-3

synchronizing

all configurations 2-71

configurations for high availability 9-7

context configurations and high availability 2-70

contexts created in CLI 3-2

contexts created in CLI (automatically) 3-5

contexts created in CLI (manually) 3-5

individual configurations, manual 2-71

manually synchronizing virtual servers created in CLI 2-71

virtual context configurations 2-68

syslog

configuration attributes 2-13

configuring

logging 2-12

log hosts 2-16

log messages 2-17

log rate limits 2-18

logging levels 2-12

T

table

button descriptions 1-10

conventions 1-11

customizing 1-13

filtering information in 1-12

ICMP type numbers and names 2-67

icon descriptions 1-10

parent rows 1-11

probe attributes 4-36

protocol names and numbers 2-57

sticky group attributes 5-10

topic reference for policy map rules and actions 10-35

takeover, forcing in high availability 9-15

task overview, redundancy 9-6

TCL script

health monitoring 4-30

overview 4-30

TCP

definition GL-6

options for connection parameter maps 6-6

probe attributes 4-51

service parameters for object groups 2-64

Telnet probe attributes 4-52

terminating active user sessions 13-12

terminology used in ACE Appliance Device Manager 1-19

threshold, definition GL-6

topic reference for configuring rules and actions 10-35

traceroute, definition GL-6

tracking user actions 12-14

traffic class components 10-3

traffic classification process 10-2

traffic policy

ACE device support 10-2

components 10-4

configuring 10-1

for application acceleration 11-2

for optimization 11-2

lookup order 10-4

overview 10-1

supported actions 10-2

Transfer Control Protocol (TCP), definition GL-6

trap source interface, SNMP 2-19

troubleshooting

polling 12-5

using file browser 14-6

types of users 13-5

U

UDP probe attributes 4-53

UDP service parameters, for object groups 2-64

understanding

domains 13-7

operations privileges 13-6

roles 13-5

unmask community, SNMP 2-19

updating ACE appliance licenses 2-30

uploading

files to ACE 14-7

virtual context configurations 2-71

URL rewrite, configuring 10-83

user roles, definition GL-6

users

active session info 13-11

adding new 13-8

assigned 13-5

default 13-5

default role options 13-9

deleting 13-10

deleting active 13-11

deleting roles 13-30

forcing logoffs 13-12

guidelines for managing 13-8

logging in as 1-4

overview 13-7

types of 13-5

understanding privileges 13-6

using

ACLs 2-51

virtual contexts 2-2

V

value delta per time graph 12-3

verifying GUI operational status 14-10

viewing

ACE appliance licenses 2-28

ACLs by context 2-60

all real servers 4-10

all server farms 4-29

all sticky groups 5-15

all virtual contexts 2-73

all virtual servers 3-61

BVI interfaces by context 8-21

configuration status 2-69

files on the ACE 14-9

license information 2-32

network domains 13-32

parameter maps by context 6-25

polling states in monitoring 12-2

resource class use on contexts 2-39

static routes by context 8-23

virtual server details 3-61

virtual servers 3-59

virtual servers by context 3-59

VLAN interfaces by context 8-14

virtual-address match condition attributes 10-11

virtual context

adding Admin user 2-6

allocate interface VLAN 2-3

configuration options 2-7

configuring 2-1, 2-2

BVI interfaces 8-19

class map match conditions 10-10

class maps 10-8

expert options 2-68

global policies 2-26

load balancing services 3-1

management VLAN 2-2

policy map rules and actions 10-35

policy maps 10-33

primary attributes 2-11

static routes 8-22

system attributes 2-10

VLAN interfaces 8-8

creating 2-2

definition GL-6

deleting 2-73

managing 2-68

modifying 2-72

overview 2-2

synchronizing configurations 2-68, 2-70

using 2-2

viewing

all contexts 2-73

BVI interfaces 8-21

configuration status 2-69

static routes 8-23

VLANS 8-14

Virtual Local Area Network (VLAN), definition GL-6

virtual server

activating 3-60

additional options 3-3

advanced view properties 3-11

and user roles 3-3

basic view properties 3-15

configuration

methods 3-4

recommendations 3-4

configuration subsets 3-8

configuring 3-1, 3-2, 3-7

default Layer 7 load balancing 3-51

in ACE Appliance Device Manager 3-2

in CLI 2-71, 3-2, 3-5

Layer 7 load balancing 3-29

NAT 3-58

optimization 3-54

properties 3-11

protocol inspection 3-19

shared objects 3-9

SSL 3-17

definition GL-6

deleting and shared objects 3-10

managing 3-59

manually synchronizing CLI configurations 2-71

minimum configuration 3-2

RBAC permissions to create, modify, or delete 3-3, 13-27

recommendations for configuring 3-4

shared objects 3-5, 3-9

SSL initiation attributes 3-50

SSL termination attributes 3-18

suspending 3-60

viewing

all 3-61

by context 3-59

details 3-61

servers 3-59

VLAN

allocating interface 2-3

attributes 8-8

configuring 8-8

access control 8-13, 8-16

ACLs 8-13, 8-16

DHCP relay 8-13, 8-19

management VLAN 2-2

NAT 8-17

policy maps 8-13, 8-15

static ARP 8-17

definition GL-6

FT VLAN for redundancy 9-4

interface

access control 8-13, 8-16

configuring 8-8

DHCP relay 8-13, 8-19

NAT pools 8-17

options 8-14

policy maps 8-13, 8-15

secondary IP groups for 8-10

static ARP 8-17

types of 8-9

viewing 8-14

VLAN Trunking Protocol (VTP), definition GL-7

VTP, definition GL-7

VTP domain, definition GL-7

W

Web server, definition GL-7

weight, real server 12-9

weighted roundrobin. See roundrobin