Web server return traffic does not go through ACE

Mar 20th, 2007

Hi,

I had configured ACE for my web servers. When I tried to hit the VIP of the web server, return traffic directly tries to hit the client.

Is there any command to instruct ACE (like group in CSS) for the same?


Thanks

Aniruddha

Syed Iftekhar Ahmed Tue, 03/20/2007 - 14:56

Are you running ACE in routed/bridge mode? If you are running it in routed mode, then make sure that the server-side VLAN SVI is not configured on the MSFC.


When you configure a source group in CSS, a CSS provides network address translation (NAT) of source IP addresses and port address translation (PAT) of source ports.


This can be achieved in ACE as well:

class-map nat
  match source-address any
!
policy-map multi-match nat
  class nat
    nat dynamic 1 vlan 100
!
! Client VLAN
interface vlan 20
  ip address 10.20.10.1 255.255.255.0
  service-policy input nat
!
! Server VLAN
interface vlan 100
  ip address 10.10.10.100 255.255.255.0
  nat-pool 1 10.10.10.18 netmask 255.255.255.255 pat


With the above config, all traffic will be source NATed to 10.10.10.18 before hitting the real server. Return traffic from the servers will be destined to 10.10.10.18 and as a result will end up at the ACE.


Hope it helps

Syed Iftekhar Ahmed
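
Added example, not part of the original thread: a small Python model of the return path described in the answer above, showing where the real server sends its reply with and without the source NAT policy. The client 10.20.10.50, real server 10.10.10.21 and non-ACE gateway 10.10.10.1 are constructed values, and `AceNat`, `server_next_hop` and `trace` are hypothetical names; the remaining addresses come from the posted config.

```python
import ipaddress

# Addresses taken from the posted config
SERVER_NET = ipaddress.ip_network("10.10.10.0/24")     # interface vlan 100
ACE_IF = ipaddress.ip_address("10.10.10.100")          # ACE address on the server VLAN
NAT_POOL = ipaddress.ip_address("10.10.10.18")         # nat-pool 1 ... pat
ACE_OWNED = {ACE_IF, NAT_POOL}
# Constructed values (assumptions, not from the thread)
CLIENT = (ipaddress.ip_address("10.20.10.50"), 40001)
REAL_SERVER = (ipaddress.ip_address("10.10.10.21"), 80)
OTHER_GW = ipaddress.ip_address("10.10.10.1")          # e.g. an SVI on the MSFC


class AceNat:
    """Dynamic source NAT with PAT: one pool address, one source port per flow."""

    def __init__(self):
        self.xlate = {}        # (pool_ip, pool_port) -> original (client_ip, client_port)
        self.next_port = 1024

    def outbound(self, src):
        key = (NAT_POOL, self.next_port)
        self.next_port += 1
        self.xlate[key] = src
        return key

    def inbound(self, dst):
        return self.xlate.get(dst)   # None when no translation exists for this reply


def server_next_hop(dst_ip, default_gw):
    """Server routing decision: on-link inside its own subnet, else default gateway."""
    return dst_ip if dst_ip in SERVER_NET else default_gw


def trace(snat, default_gw=OTHER_GW):
    """Follow one request and its reply; report where the server sends the reply."""
    ace = AceNat()
    seen_src = ace.outbound(CLIENT) if snat else CLIENT
    hop = server_next_hop(seen_src[0], default_gw)
    via_ace = hop in ACE_OWNED
    restored = ace.inbound(seen_src) if (snat and via_ace) else None
    return {"server_sees": str(seen_src[0]), "reply_next_hop": str(hop),
            "reply_via_ace": via_ace, "nat_undone": restored == CLIENT}


if __name__ == "__main__":
    print("no NAT, other gateway:", trace(snat=False))
    print("source NAT applied:   ", trace(snat=True))
    print("no NAT, ACE as gateway:", trace(snat=False, default_gw=ACE_IF))
```

With the NAT policy applied, the real server's access logs record 10.10.10.18 as the source of every request, so client attribution has to come from the ACE side.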

