This chapter describes how to configure parameter maps. Parameter maps provide a means of performing actions on traffic received by the ACE, based on certain criteria such as protocol or connection attributes. After you configure a parameter map, you associate it with a policy map to implement configured behavior.
Table 8-1 describes the parameter maps you can configure using the ACE.
Note: When you use the ACE CLI to configure named objects (such as a real server, virtual server, parameter map, class map, health probe, and so on), consider that the Device Manager (DM) supports object names with an alphanumeric string of 1 to 64 characters, which can include the following special characters: underscore (_), hyphen (-), dot (.), and asterisk (*). Spaces are not allowed.
If you use the ACE CLI to configure a named object with special characters that the DM does not support, you may not be able to configure the ACE using DM.
This chapter contains the following sections:
Use this procedure to configure an HTTP parameter map for use with a Layer 3/Layer 4 policy map.
Step 1 Choose Config > Virtual Contexts > context > Load Balancing > Parameter Maps > HTTP Parameter Maps. The HTTP Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The HTTP Parameter Maps configuration screen appears.
Step 3 In the Parameter Name field, enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.
Step 4 Enter the information in Table 8-2.
|
|
---|---|
Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A–Z, a–z, 0–9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs. |
|
Check this check box to indicate that the ACE appliance is to be case insensitive. Clear this check box to indicate that the ACE appliance is to be case sensitive. This check box is cleared by default. |
|
Check the check box to require SSL information be inserted for every HTTP GET request. Current functionality only requires that the information be inserted at the first GET request. |
|
Indicate how the ACE appliance is to handle cookies, HTTP headers, and URLs that exceed the maximum parse length:
|
|
Check this check box to enable persistence rebalance. Persistence is sometimes referred to as a connection keepalive. With persistence rebalance enabled, when successive GET requests result in load balancing that chooses the same policy, the ACE sends the request to the real server used for the last GET request. This behavior prevents the ACE from load balancing every request and recreating the server-side connection on every GET request, producing less overhead and better performance. Another effect of persistence rebalance is that header insertion and cookie insertion, if enabled, occur for every request instead of only the first request. By default, persistence rebalance is enabled. Clear this check box to indicate that this option is disabled. |
|
Check this check box to indicate that the ACE appliance is to reduce the number of open connections on a server by allowing connections to persist and be reused by multiple client connections. If you enable this feature:
|
|
Check this check box to have the ACE drop a connection when it detects a parse error. Clear the check box to disable this option and configure the ACE to maintain a connection even when it detects a parse error. This is the default setting. |
|
Check this check box to configure the ACE to allow the presence of a CRLF in the header before the header name, which is inserted for header name continuation purposes. Normally, the ACE considers a CRLF in the header a parse error. When you enable this feature and the ACE encounters a CRLF in the header, the ACE ignores the parse error and allows the Layer 7 connection. Clear the check box to disable this feature and configure the ACE to not allow a CRLF in the header. When the ACE encounters a CRLF, it considers it a parsing error and reacts according to how you set the Enable Drop on Parsing Error field. This is the default setting. |
|
Enter the maximum number of bytes to parse in HTTP content. Valid entries are integers from 1 to 65535, with a default of 4096. |
|
Enter the maximum number of bytes to parse for the total length of cookies, HTTP headers, and URLs. Valid entries are integers from 1 to 65535 with a default of 4096. |
|
Enter the ASCII-character delimiters to be used to separate cookies in a URL string. Valid entries are unquoted text strings with no spaces and a maximum of 4 characters. The default delimiters are /&#+. |
|
In the field on the left, enter the Multipurpose Internet Mail Extension (MIME) type to compress, and then click Add. The MIME type appears in the column on the right. To remove or change a MIME type, select it in the column on the right, and then click Remove. The selected MIME type appears in the field on the left where you can modify or delete it. To specify the sequence in which compression is to be applied, select MIME types in the column on the right, and then click Up or Down to arrange the MIME types. Supported MIME Types lists the supported MIME types. You can use an asterisk (*) to indicate a wildcard, such as text/*, which would include all text MIME types (text/html, text/plain, and so on). |
|
A user agent is a client that initiates a request. Examples of user agents include browsers, editors, and other end-user tools. When you specify a user agent string in this field, the ACE appliance does not compress the response to a request when the request contains the matching user agent string. In the field on the left, enter the user agent string to be matched, and then click Add. The string appears in the column on the right. To remove or change a user agent string, select it in the column on the right, and then click Remove. The selected string appears in the field on the left where you can modify or delete it. To specify the sequence in which strings are to be matched, select strings in the column on the right, and then click Up or Down to arrange the strings in the desired sequence. |
|
Enter the threshold at which compression is to occur. The ACE appliance compresses files that are the minimum size or larger. Valid entries are integers from 1 to 4096 bytes. |
Connection parameter maps combine all IP and TCP connection-related behaviors that pertain to the following:
Use this procedure to configure a Connection parameter map for use with a Layer 3/Layer 4 policy map.
Step 1 Choose Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Connection Parameter Maps. The Connection Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The Connection Parameter Maps configuration screen appears.
Step 3 In the Parameter Name field, enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.
Step 4 Enter the information in Table 8-3. Click More Settings to access the additional Connection Parameter Map configuration attributes. By default, ACE appliance Device Manager hides the default Connection Parameter Map configuration attributes and the attributes which are not commonly used.
|
|
---|---|
Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters. |
|
Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A–Z, a–z, 0–9). Spaces and special characters are allowed. Enter double quotes as matching pairs. |
|
Enter the number of seconds that the ACE is to wait before disconnecting idle connections. Valid entries are integers from 0 to 3217203. A value of 0 indicates that ACE is never to time out a TCP connection. |
|
Indicate how the ACE is to handle segments that exceed the maximum segment size (MSS): |
|
Allows the ACE to splice together the client front-end and the server back-end connections when the ACE is proxying Layer 7 traffic flow and the negotiated front-end and back-end TCP handshakes do not match. Uncheck the check box when you do not want the ACE to enable a connection when the TCP handshakes do not match. |
|
Enter the maximum number of concurrent connections to allow for the parameter map. Valid entries are integers from 0 to 4000000. |
|
The Nagle algorithm instructs a sender to buffer any data to be sent until all outstanding data has been acknowledged or until there is a full segment of data to send. Enabling the Nagle algorithm increases throughput, but it can increase latency in your TCP connection. Check the check box to enable the Nagle algorithm. Clear the check box to disable the Nagle algorithm. Note: Disable the Nagle algorithm when you observe unacceptable delays in TCP connections. |
|
Randomizing TCP sequence numbers adds a measure of security to TCP connections by making it more difficult for a hacker to guess or predict the next sequence number in a TCP connection. Check the check box to enable the use of random TCP sequence numbers. Clear the check box to disable the use of random TCP sequence numbers. |
|
Enter the bandwidth-rate limit in bytes per second for the parameter map. Valid entries are integers from 0 to 300000000 bytes. |
|
Enter the connection-rate limit in connections per second. Valid entries are integers from 0 to 350000. |
|
Indicate how the ACE is to handle segments with the reserved bits set in the TCP header: |
|
The type of service for an IP packet determines how the network handles the packet and balances its precedence, throughput, delay, reliability, and cost. Enter the type-of-service value to be applied to IP packets. Valid entries are integers from 0 to 255. For more information about type of service, refer to RFCs 791, 1122, 1349, and 3168. |
|
Enter the number of milliseconds that the ACE is to wait before sending an acknowledgement from a client to a server. Valid entries are integers from 0 to 400. |
|
To improve throughput and overall performance, the ACE buffers the number of bytes you specify before processing received data or transmitting data. Use this option to increase the default buffer size and thereby realize improved network performance. Enter the maximum size of the TCP buffer in bytes. Valid entries are integers from 8192 to 262143 bytes. Default is 32768. Note: If you enter a value in this field for an ACE device that does not support this option, an error message appears. Leave this field blank when creating or modifying a connection parameter map for devices that do not support this option. |
|
Select the TCP buffer threshold, expressed as a percent, to indicate when the TCP connection is to be reset. This entry represents the maximum number of TCP connections that the hosts can open. This entry prevents the ACE from exhausting all available buffers due to an outage caused by a DDoS attack. The options are 50, 75, 77, 88, 95, and 100. The default value is 100. |
|
Enter the size of the smallest segment of TCP data that the ACE is to accept. Valid entries are integers from 0 to 65535 bytes. The value 0 indicates that the ACE is not to set a minimum limit. |
|
Enter the size of the largest segment of TCP data that the ACE is to accept. Valid entries are integers from 0 to 65535 bytes. The value 0 indicates that the ACE is not to set a maximum limit. |
|
Enter the number of attempts that the ACE is to make to transmit a TCP segment when initiating a Layer 7 connection. Valid entries are integers from 1 to 15 with a default of 4. |
|
This option specifies how the ACE is to apply TCP optimizations to packets on a connection associated with a Layer 7 policy map using a round-trip time (RTT) value:
– If the actual client RTT is less than the configured RTT, the ACE performs normal operations for the life of the connection. – If the actual client RTT is greater than or equal to the configured RTT, the ACE performs TCP optimizations on the packets for the life of a connection. |
|
An embryonic connection is a TCP three-way handshake for a connection that does not complete for some reason. Enter the number of seconds that the ACE is to wait before timing out an embryonic connection. Valid entries are integers from 0 to 4294967295 with a default of 5. A value of 0 indicates that the ACE is never to time out an embryonic connection. |
|
A half-closed connection is one in which the client or server sends a FIN and the server or client acknowledges the FIN without sending a FIN itself. Enter the number of seconds the ACE is to wait before closing a half-closed connection. Valid entries are integers from 0 to 4294967295 with a default of 3600 (1 hour). A value of 0 indicates that the ACE is never to time out a half-closed connection. |
|
When enabled, the slow start algorithm increases the TCP window size as ACK handshakes arrive so that new segments are injected into the network at the rate at which acknowledgements are returned by the host at the other end of the connection. Check this check box to enable the slow start algorithm, and clear this check box to disable the slow start algorithm. This option is disabled by default. |
|
Indicate how the ACE is to handle TCP SYN segments that contain data: |
|
Urgent data, as indicated by a control bit in the TCP header, is to be processed as soon as possible, even before normal data. Indicate how the ACE is to handle urgent data as identified by the Urgent data control bit: |
|
The TCP window scaling extension expands the definition of the TCP window to 32 bits and uses a scale factor to carry the 32-bit value in the 16-bit window of the TCP header. Increasing the window size improves TCP performance in network paths with large bandwidth, long-delay characteristics. Enter the window scale factor in this field. Valid entries are integers from 0 to 14 (the maximum scale factor). For more information on TCP window scaling, refer to RFC 1323. |
|
Appears if you select Allow or Drop for the Action For TCP Options Range. Enter the lower limit of the TCP option range. Valid entries are 6, 7, or an integer from 9 to 255. See Table 8-4 for information on TCP options. |
|
Appears if you select Allow or Drop for the Action For TCP Options Range. Enter the upper limit of the TCP option range. Valid entries are 6, 7, or an integer from 9 to 255. See Table 8-4 for information on TCP options. |
|
Indicate how the ACE is to handle the selective ACK option that is specified in SYN segments: |
|
Indicate how the ACE is to handle the timestamp option that is specified in SYN segments: |
|
Indicate how the ACE is to handle the TCP window scale factor option that is specified in SYN segments: |
|
|
|
---|---|---|
1. For more information on TCP options, refer to the Security Guide, Cisco ACE Application Control Engine. |
Use this procedure to configure an Optimization parameter map for use with a Layer 3/Layer 4 policy map.
See the “Configuring Application Acceleration and Optimization” section or the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance for more information about application acceleration and optimization.
Step 1 Choose Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Optimization Parameter Maps. The Optimization Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The Optimization Parameter Maps configuration screen appears.
Step 3 In the Parameter Name field, enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.
Step 4 Configure the Optimization parameter map using the information in Table 8-5.
|
|
---|---|
Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A–Z, a–z, 0–9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs. |
|
Select the method that the ACE is to use to determine the freshness of objects in the client’s browser:
|
|
This field appears if the Set Browser Freshness Period option is not configured. Enter the number of seconds that objects in the client’s browser are considered fresh. Valid entries are 0 to 2147483647 seconds. |
|
Enter a comma-separated list of HTTP response codes for which the response body must not be read. For example, an entry of 302 indicates that the ACE is to ignore the response body of a 302 (redirect) response from the origin server. Valid entries are unquoted text strings with a maximum of 64 alphanumeric characters and integers from 100 to 599, inclusive. |
|
Enter the percentage of all requests or sessions to be sampled for performance with acceleration (or optimization) applied. All applicable optimizations for the class will be performed. Valid entries are from 0 to 100 percent, with a default of 10 percent. The sum of this value and the value entered in the Passthru Rate Percent field must not exceed 100. |
|
Enter the percentage of all requests or sessions to be sampled for performance without optimization. No optimizations for the class will be performed. Valid entries are from 0 to 100, with a default of 10 percent. The sum of this value and the value entered in the Optimize Rate Percent field must not exceed 100. |
|
Enter the maximum number of bytes that are to be logged for each parameter value in the parameter summary of a transaction log entry in the statistics log. If a parameter value exceeds this limit, it is truncated at the specified limit. Valid entries are 0 to 10,000 bytes. |
|
Enter the maximum number of kilobytes of POST data the ACE is to scan for parameters for the purpose of logging transaction parameters in the statistics log. |
|
Enter the string the ACE is to use to sort requests for AppScope reporting. The string can contain a URL regular expression that defines a set of URLs in which URLs that differ only by their query parameters are to be treated as separate URLs in AppScope reports. For example, to define a string that is used to identify the URLs http://server/catalog.asp?region=asia and http://server/catalog.asp?region=america as two separate reporting categories, you would enter http_query_param(region). Valid entries contain 1 to 255 characters and can contain the parameter expander functions listed in Table 8-6. |
|
Information that is common to a large set of users is generally not confidential or user-specific. Conversely, information that is unique to a specific user or a small set of users is generally confidential or user-specific. The anonymous base file feature enables the ACE to create and deliver condensed base files that contain only information that is common to a large set of users. No information unique to a particular user, or across a very small subset of users, is included in anonymous base files. Enter the value for base file anonymity for the all-user condensation method. Valid entries are integers from 0 to 50; the default value of 0 disables the base file anonymity feature. |
|
A cache object key is a unique identifier that is used to identify a cached object to be served to a client, replacing a trip to the origin server. The cache key modifier feature allows you to modify the canonical form of a URL; that is, the portion before “?” in a URL. For example, the canonical URL of “http://www.xyz.com/somepage.asp?action=browse&level=2” is “http://www.xyz.com/somepage.asp”. Enter a regular expression containing embedded variables as described in Table 8-6. The ACE transforms URLs specified in class maps for this virtual server with the expression and variable entered here. Valid entries are unquoted text strings with no spaces and a maximum of 255 alphanumeric characters. If the string includes spaces, enclose the string with quotation marks (“). |
|
Enter the minimum number of seconds that an object without an explicit expiration time should be considered fresh in the ACE cache. This value specifies the minimum time that content can be cached. If the ACE is configured for FlashForward optimization, this value should normally be 0. If the ACE is configured for dynamic caching, this value should indicate how long the ACE should cache the page. (See Table 5-16 for information about these configuration options.) |
|
Enter the maximum number of seconds that an object without an explicit expiration time should be considered fresh in the ACE cache. Valid entries are 0 to 2147483647 seconds. |
|
Enter the percent of an object’s age at which an embedded object without an explicit expiration time is considered fresh. |
|
The cache parameter feature allows you to modify the query parameter of a URL; that is, the portion after “?” in a URL. For example, the query parameter portion of “http://www.xyz.com/somepage.asp?action=browse&level=2” is “action=browse&level=2”. Enter a regular expression containing embedded variables as described in Table 8-6. The ACE transforms URLs specified in class maps for this virtual server with the expression and variable entered here. If no string is specified, the query parameter portion of the URL is used as the default value for this portion of the cache key. Valid entries are unquoted text strings with no spaces and a maximum of 255 alphanumeric characters. |
|
The ACE uses the canonical URL feature to eliminate the “?” and any characters that follow to identify the general part of the URL. This general URL is then used to create the base file. In this way, the ACE maps multiple URLs to a single canonical URL. Enter a comma-separated list of parameter expander functions as defined in Table 8-6 to identify the URLs to associate with this parameter map. Valid entries are unquoted text strings with a maximum of 255 alphanumeric characters. |
|
This feature allows the ACE to detect content that can be cached and perform delta optimization on it. Check the check box to enable delta optimization of content that can be cached. Clear the check box to disable this feature. |
|
Check the check box to enable condensation on the first visit to a Web page. Clear the check box to disable this feature. |
|
Enter the minimum page size, in bytes, that can be condensed. Valid entries are integers from 1 to 250000 bytes. |
|
Enter the maximum page size, in bytes, that can be condensed. Valid entries are integers from 1 to 250000 bytes. |
|
Indicate the scripting language that the ACE is to recognize on condensed content pages: |
|
Check the check box to indicate that delta optimization is not to be applied to IFrames (inline frames). Clear the check box to indicate that delta optimization is to be applied to IFrames. |
|
Check the check box to indicate that delta optimization is not to be applied to non-ASCII data. Clear the check box to indicate that delta optimization is to be applied to non-ASCII data. |
|
Check the check box to indicate that delta optimization is not to be applied to JavaScript. Clear the check box to indicate that delta optimization is to be applied to JavaScript. |
|
1. In the first field, enter a comma-separated list of the MIME (Multipurpose Internet Mail Extension) type messages that are not to have delta optimization applied, such as image/Jpeg, text/html, application/msword, or audio/mpeg. See Supported MIME Types for a list of supported MIME types. 2. Click Add to add the entry to the list box on the right. You can position the entries in the list box by using the Up and Down buttons. |
|
Check the check box to indicate that HTML META elements are to be removed from documents to prevent them from being condensed. Clear the check box to indicate that HTML META elements are not to be removed from documents. |
|
Select the method the ACE is to use to refresh stale embedded objects:
|
|
Enter the delta threshold, expressed as a percent, when rebasing is to be triggered. This entry represents the size of a page delta relative to total page size, expressed as a percent. This entry triggers rebasing when the delta response size exceeds the threshold as a percentage of base file size. |
|
Enter the threshold, expressed as a percent, when rebasing is to be triggered based on the percent of FlashForwarded URLs in the response. This entry triggers rebasing when the difference between the percentages of FlashForwarded URLs in the delta response and the base file exceeds the threshold. |
|
Enter the number of pages to be stored before the ACE resets all rebase control parameters to zero and starts over. This option prevents the base file from becoming too rigid. |
|
Enter the number of seconds after the last modification before performing a rebase. |
|
Enter the period of time, in seconds, for performing a meta data refresh. |
|
Indicate how the ACE is to handle client request headers (primarily for embedded objects): |
|
Indicate how the ACE is to handle origin server response headers (primarily for embedded objects): |
|
The UTF-8 (8-bit Unicode Transformation Format) character set is an international standard that allows Web pages to display non-ASCII or non-English multibyte characters. It can represent any universal character in the Unicode standard and is backwards compatible with ASCII. Enter the number of UTF-8 characters that need to appear on a page to constitute a UTF-8 character set page. Valid entries are integers from 1 to 1,000,000. |
|
The server load threshold trigger indicates that the time-to-live (TTL) period for cached objects is to be based dynamically on server load. With this method, TTL periods increase if the current response time from the origin server is greater than the average response time and decrease if the current response time from the origin server is less than the average response time when the difference in response times exceeds a specified threshold amount. Enter the threshold, expressed as a percent, at which the TTL for cached objects is to be changed. |
|
This option specifies the percentage by which the cache TTL is increased or decreased in response to a change in server load. For example, if this value is set to 20, the current TTL for a response is 300 seconds, and the current server response time exceeds the trigger threshold, the cache TTL for the response is raised to 360 seconds. Enter the percent by which the cache TTL is to be increased or decreased when the server load threshold trigger is met. |
|
Select the method by which delta optimization is to be implemented:
|
|
Use this option to define a string that is to be sent in the server header for an HTTP response. This option provides you with a method for uniquely tagging the context or URL match statement by setting the server header value to a particular string. The server header string can be used when a particular URL is not being transmitted to the correct target context or match statement. Enter the string that is to appear in the server header. Valid entries are quoted text strings with a maximum of 64 alphanumeric characters. |
Table 8-6 lists the parameter expander functions that you can use.
Generic parameter maps allow you to specify nonprotocol-specific behavior for data parsing. Generic parameter maps examine the payload and make decisions regardless of the protocol.
Use this procedure to configure a generic parameter map.
Step 1 Choose Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Generic Parameter Maps. The Generic Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The Generic Parameter Maps configuration screen appears.
Step 3 Configure the parameter map using the information in Table 8-7.
RTSP parameter maps allow you to configure advanced RTSP behavior for server load-balancing connections.
Use this procedure to configure an RTSP parameter map.
Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > RTSP Parameter Maps. The RTSP Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The RTSP Parameter Maps configuration screen appears.
Step 3 Configure the parameter map using the information in Table 8-8.
SIP parameter maps allow you to configure SIP deep-packet inspection policy maps on the ACE.
Use this procedure to configure a SIP parameter map.
Step 1 Choose Config > Virtual Contexts > context > Load Balancing > Parameter Maps > SIP Parameter Maps. The SIP Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The SIP Parameter Maps configuration screen appears.
Step 3 Configure the parameter map using the information in Table 8-9.
|
|
---|---|
Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters. |
|
Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A–Z, a–z, 0–9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs. |
|
Check the check box to enable instant messaging (IM) over SIP after it has been disabled. |
|
Check the check box to enable the logging of all received and transmitted packets in the system log (syslog). By default, the ACE disables the logging of these packets; however, it allows the logging of dropped SIP packets in the syslog. The ACE allows all headers sent in the SIP packet, including proprietary headers. In the event of a failover for SIP sessions over UDP, the ACE continues to process SIP packets for established SIP sessions. |
|
This option allows you to configure the ACE to validate the value of the Max-Forward header field. Specify how the ACE is to handle the validation of Max-Forward header fields: |
|
Check the check box to indicate that the ACE is to log Max-Forward validation events. |
|
If the software version of a user agent is exposed, that user agent might be vulnerable to attacks from hackers who exploit the security holes present in that particular software version. This option allows you to mask or log the user agent software version so that it is not exposed. Check the check box to indicate that the ACE is to mask the user agent software version. |
|
Check the check box to indicate that the ACE is to log the user agent software version. |
|
You can ensure the validity of SIP packet headers by configuring the ACE to check for the presence of the following mandatory SIP header fields: If one of the header fields is missing in a SIP packet, the ACE considers that packet invalid. The ACE also checks for forbidden header fields, according to RFC 3261. |
|
Check the check box to indicate that the ACE is to log header validation events. |
|
This option and the next enable the detection of non-SIP URIs in SIP messages. Check the check box to indicate that the ACE is to mask non-SIP URIs in SIP messages. |
|
Check the check box to indicate that the ACE is to log non-SIP URIs in SIP messages. |
|
Specify the timeout period for SIP media pinhole (secure port) connections in seconds. Valid entries are integers from 1 to 65535 seconds. The default is 5 seconds. |
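The header, Max-Forwards and user agent checks described in this table can be sketched as follows. This is an added example, not ACE code: the mandatory header set is the one RFC 3261 section 8.1.1 requires for requests, and the function name `inspect_sip`, the Max-Forwards policy and the masking rule are assumptions made for illustration.

```python
import re

# Request headers required by RFC 3261 section 8.1.1, plus their compact forms.
MANDATORY = {"to", "from", "cseq", "call-id", "max-forwards", "via"}
COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via"}

def inspect_sip(raw, mask_user_agent=True):
    """Return (possibly rewritten request, list of log events)."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    events, seen, out = [], set(), [lines[0]]
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):  # folded continuation of the previous header
            out.append(line)
            continue
        name, colon, value = line.partition(":")
        if not colon:
            events.append(f"malformed header line: {line!r}")
            out.append(line)
            continue
        key = name.strip().lower()
        key = COMPACT.get(key, key)
        seen.add(key)
        value = value.strip()
        # Assumed policy: a value outside 1-255 (including 0) fails validation.
        if key == "max-forwards" and not (
                re.fullmatch(r"[0-9]{1,3}", value) and 0 < int(value) <= 255):
            events.append(f"Max-Forwards validation failed: {value!r}")
        if key == "user-agent":
            events.append(f"user agent version seen: {value}")
            if mask_user_agent:
                # Assumed masking: keep product names, strip "/version" suffixes.
                line = f"{name}: " + re.sub(r"/[^\s()]+", "", value)
        out.append(line)
    events += [f"missing mandatory header: {h}" for h in sorted(MANDATORY - seen)]
    return "\r\n".join(out) + sep + body, events

# Constructed request: no CSeq, Max-Forwards of 0, compact "f" for From.
SAMPLE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP client.example.com;branch=z9hG4bK776asdhds",
    "Max-Forwards: 0",
    "To: <sip:bob@example.com>",
    "f: <sip:alice@example.com>;tag=1928301774",
    "Call-ID: a84b4c76e66710@client.example.com",
    "User-Agent: ExamplePhone/7.2.1",
    "Content-Length: 0", "", ""])
```

Calling `inspect_sip(SAMPLE)` returns the request with the user agent version stripped and one event each for the Max-Forwards value, the observed user agent and the missing CSeq header.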
Skinny Client Control Protocol (SCCP or Skinny) parameter maps allow you to configure SCCP packet inspection on the ACE.
Use this procedure to configure a Skinny parameter map.
Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Skinny Parameter Maps . The Skinny Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The Skinny Parameter Maps configuration screen appears.
Step 3 Configure the parameter map using the information in Table 8-10.
|
|
---|---|
Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters. |
|
Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A–Z, a–z, 0–9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs. |
|
You can configure the ACE to allow only registered Skinny clients to make calls. To accomplish this task, the ACE maintains the state of each Skinny client. After a client registers with CCM, the ACE opens a secure port (pinhole) to allow that client to make a call. Check the check box to enable Skinny registration enforcement. |
|
Enter the largest value for the station message ID in hexadecimal that the ACE is to accept. Valid entries are hexadecimal values from 0x0 to 0x4000. The default value is 0x181. If a packet arrives with a station message ID greater than the specified value, the ACE drops the packet and generates a syslog message. Note: The Message Id Max. hexadecimal value should always start with 0x or 0X. |
|
By default, the ACE drops SCCP messages that have an SCCP Prefix length that is less than the message ID. The ACE drops Skinny message packets that fail this check and generates a syslog message. Enter the minimum SCCP prefix length in bytes. Valid entries are integers from 4 to 4000 bytes. |
|
This feature allows you to configure the ACE so that it checks the maximum SCCP prefix length. The ACE drops Skinny message packets that fail this check and generates a syslog message. Enter the maximum SCCP prefix length in bytes. Valid entries are integers from 4 to 4000 bytes. |
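The message ID and prefix length checks in this table amount to bounds checks on the SCCP header. The sketch below is an added example, not ACE code: it assumes the commonly documented SCCP framing (4-byte little-endian length prefix, 4-byte reserved word, 4-byte station message ID), and the names `inspect_skinny`, `parse_message_id_max` and `build` are hypothetical.

```python
import struct

# Assumed SCCP framing (not given on the page): little-endian 4-byte length
# prefix, 4-byte reserved word, 4-byte station message ID, then the body.
HEADER = struct.Struct("<III")

def parse_message_id_max(text):
    """Validate a Message ID Max entry: 0x/0X prefix, range 0x0 to 0x4000."""
    if not text.lower().startswith("0x"):
        raise ValueError("value must start with 0x or 0X")
    value = int(text, 16)
    if not 0x0 <= value <= 0x4000:
        raise ValueError("value must be between 0x0 and 0x4000")
    return value

def inspect_skinny(packet, msg_id_max=0x181, prefix_min=4, prefix_max=4000):
    """Return ('permit' or 'drop', reason) for one SCCP message.

    Defaults: the page's default message ID maximum and the widest
    prefix length range the page accepts (4 to 4000 bytes).
    """
    if len(packet) < HEADER.size:
        return "drop", "truncated header"
    prefix_len, _reserved, msg_id = HEADER.unpack_from(packet)
    if prefix_len < prefix_min:
        return "drop", f"prefix length {prefix_len} below minimum {prefix_min}"
    if prefix_len > prefix_max:
        return "drop", f"prefix length {prefix_len} above maximum {prefix_max}"
    if msg_id > msg_id_max:
        return "drop", f"message ID {msg_id:#x} exceeds maximum {msg_id_max:#x}"
    return "permit", "ok"

def build(msg_id, body=b""):
    """Construct a sample SCCP message (test data, not captured traffic)."""
    return HEADER.pack(4 + len(body), 0, msg_id) + body

if __name__ == "__main__":
    limit = parse_message_id_max("0x181")
    for pkt in (build(0x1), build(0x200), build(0x1, b"\x00" * 5000)):
        print(inspect_skinny(pkt, msg_id_max=limit))
```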
Domain Name System (DNS) parameter maps allow you to configure DNS actions for DNS packet inspection.
Use this procedure to configure a DNS parameter map.
Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > DNS Parameter Maps . The DNS Parameter Maps table appears.
Step 2 Click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The DNS Parameter Maps configuration screen appears.
Step 3 Configure the parameter map using the information in Table 8-11.
Remote Desktop Protocol (RDP) parameter maps configure routing-token-rebalance, in which the ACE redirects connections that contain RDP packets to another server when the real server that matches the routing token information in the client request is down.
Use this procedure to configure an RDP parameter map.
Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > RDP Parameter Maps . The RDP Parameter Maps table appears.
Step 2 From the RDP Parameter Maps table, click Add to add a new parameter map, or select an existing parameter map, and then click Edit to modify it. The New Parameter Map configuration table appears.
Step 3 From the New Parameter Map table, configure the parameter map using the information in Table 8-11.
The ACE appliance supports the following MIME types:
Use this procedure to view all parameter maps associated with a virtual context.
Step 2 Select the virtual context with the parameter maps you want to view, and then select Load Balancing > Parameter Maps . The Parameter Maps table appears listing each parameter map and its type.