Installation guide

ManualsBrandsCisco ManualsComputer equipmentExplorer 4700

461

462

463

464

465

466

467

468

469

470

12-41

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance

OL-26645-02

Chapter 12 Configuring Traffic Policies

Configuring Rules and Actions for Policy Maps

Kal-ap-Primary-Out-of-

Service

Enables the ACE to notify the Global Site Selector (GSS) that the primary server farm is down

when the backup server farm is in use.

By default, when you configure a redirect server farm as a backup server farm on the ACE and

the primary server farm fails, the backup server farm redirects the client requests to another data

center. However, the VIP remains in the INSERVICE state.

When you configure the ACE to communicate with a Global Site Selector (GSS), it provides

information for server availability. When a backup server is in use after the primary server farm

is down, this feature enables the ACE to inform the GSS that the VIP for the primary server farm

is out of service by returning a load value of 255. The GSS recognizes that the primary server

farm is down and sends future DNS requests with the IP address of the other data center.

Policymap The ACE is to associate a Layer 7 server load-balancing policy map with this Layer 3/Layer 4

policy map.

In the Policy Map field, select the Layer 7 policy map to associate with this Layer 3/Layer 4

policy map.

SSL-Proxy

Note The SSL-Proxy option is not available with the ACE NPE software version (see the

“Information About the ACE No Payload Encryption Software Version” section on

page 1-2).

The ACE is to use an SSL proxy server service to define the SSL parameters the ACE is to use

during the handshake and subsequent SSL session.

1. In the SSL Proxy field, select the SSL proxy server service to use in the handshake and

subsequent SSL session when the ACE engages with an SSL client.

2. In the SSL Proxy Type field, confirm that Server is selected to indicate that the ACE is to be

configured so that it is recognized as an SSL server.

UDP-Fast-Age The ACE is to close the connection immediately after sending a response to the client, thereby

enabling per-packet load balancing for UDP traffic.

VIP-ICMP-Reply A VIP is to send an ICMP ECHO-REPLY response to ICMP requests.

1. In the Active field, click the check box to instruct the ACE to reply to an ICMP request only

if the configured VIP is active. If the VIP is not active and the active option is specified, the

ACE discards the ICMP request and the request times out.

2. In the Primary Inservice field, click the check box to instruct the ACE to reply to an ICMP

ping only if the primary server farm state is UP, regardless of the state of the backup server

farm. If this option is enabled and the primary server farm state is DOWN, the ACE discards

the ICMP request and the request times out.

Table 12-17 Layer 3/Layer 4 Network Traffic Policy Map Actions (continued)

Action Description/Steps