John_Klemm_4418
Oct 30, 2006
iRule won't accept
01070585:3: Virtual server (XXX_REPEATERS_HTTP) cannot reference rule (_sys_auth_ssl_ocsp) more than once (check persistence, auth and rules).
Has anyone gotten this before?
    netmask 255.255.254.0
}
mgmt route default inet {
    gateway xxx.xxx.32.1
}
interface 1.11 {
    disable
}
interface 1.12 {
    disable
}
interface 1.13 {
    disable
}
interface 1.14 {
    disable
}
interface 1.15 {
    disable
}
interface 2.1 {
    disable
}
interface 2.2 {
    disable
}
vlan Internal_Vlan {
    tag 4093
    interfaces 1.1 1.10 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9
}
vlan External_Vlan {
    tag 4094
    interfaces 1.16
}
vlangroup Bridge_Group {
    tag 4092
    member External_Vlan Internal_Vlan
}
stp {
}
stp instance 0 {
    vlan External_Vlan
    vlan Internal_Vlan
    interface 1.1 external path cost 200000 internal path cost 200000
    interface 1.10 external path cost 200000 internal path cost 200000
    interface 1.16 external path cost 200000 internal path cost 200000
    interface 1.2 external path cost 200000 internal path cost 200000
    interface 1.3 external path cost 200000 internal path cost 200000
    interface 1.4 external path cost 200000 internal path cost 200000
    interface 1.5 external path cost 200000 internal path cost 200000
    interface 1.6 external path cost 200000 internal path cost 200000
    interface 1.7 external path cost 200000 internal path cost 200000
    interface 1.8 external path cost 200000 internal path cost 200000
    interface 1.9 external path cost 200000 internal path cost 200000
}
self allow { default tcp ssh tcp domain tcp https tcp snmp tcp 4353 udp domain udp snmp udp efs udp 4353 proto ospf }
self xxx.xxx.145.17 {
    netmask 255.255.255.0
    vlan Bridge_Group
    allow default
}
I just installed the Authentication module and cannot seem to get the iRule to attach to the VIP. Like I said before, the error points me back to authorization or persistence. Any help is welcomed. This VIP is for OCSP responders. I just cannot get the rule to attach.
Here is the iRule, very generic:
    when CLIENT_ACCEPTED {
        # Open an auth session against the default_ssl_ocsp configuration
        set tmm_auth_ssl_ocsp_sid [AUTH::start pam default_ssl_ocsp]
    }
    when CLIENTSSL_CLIENTCERT {
        # Hand the client certificate and its issuer to the auth session,
        # then hold the SSL handshake until the OCSP result comes back
        AUTH::cert_credential $tmm_auth_ssl_ocsp_sid [SSL::cert 0]
        AUTH::cert_issuer_credential $tmm_auth_ssl_ocsp_sid [SSL::cert issuer 0]
        AUTH::authenticate $tmm_auth_ssl_ocsp_sid
        SSL::handshake hold
    }
    when AUTH_SUCCESS {
        # Only act on events that belong to this rule's auth session
        if {$tmm_auth_ssl_ocsp_sid eq [AUTH::last_event_session_id]} {
            SSL::handshake resume
        }
    }
    when AUTH_FAILURE {
        if {$tmm_auth_ssl_ocsp_sid eq [AUTH::last_event_session_id]} {
            reject
        }
    }
    when AUTH_WANTCREDENTIAL {
        if {$tmm_auth_ssl_ocsp_sid eq [AUTH::last_event_session_id]} {
            reject
        }
    }
    when AUTH_ERROR {
        if {$tmm_auth_ssl_ocsp_sid eq [AUTH::last_event_session_id]} {
            reject
        }
    }