Web server return traffic does not go through ACE

Mar 20th, 2007

Hi,

I had configured ACE for my web servers.

When I tried to hit the VIP of the web server, return traffic directly tries to hit the client.

Is there any command to instruct ACE (like group in CSS) for the same?



Syed Iftekhar Ahmed Tue, 03/20/2007 - 14:56

Are you running ACE in routed/bridge mode? If you are running it in routed mode, then make sure that the server-side VLAN SVI is not configured on the MSFC.

When you configure a source group in CSS, a CSS provides network address translation (NAT) of source IP addresses and port address translation (PAT) of source ports.

This can be achieved in ACE as well:

    class-map nat
      match source-address any

    policy-map multi-match nat
      class nat
        nat dynamic 1 vlan 100

    interface vlan 20 <-- Client Vlan
      ip address
      service-policy input nat

    interface vlan 100 <-- Server Vlan
      ip address
      nat-pool 1 netmask pat

With the above config all traffic will be source NATed to before hitting the real server. Return traffic from servers will be destined to and as a result will end up at ACE.

Hope it helps

Syed Iftekhar Ahmed
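
The forwarding decision behind this answer, as an added example that is not part of the original post: a small Python model of where a real server sends its reply with and without source NAT. All addresses are constructed documentation-range values, and the model assumes the ACE answers ARP for its NAT pool addresses on the server VLAN.

```python
import ipaddress

def return_path(client_ip, server_net, server_gw, ace_server_ip, snat_pool=None):
    """Model the real server's reply: returns (reply_dst, next_hop, via_ace).

    The server replies to whatever source address it saw. On-link
    destinations are reached directly; everything else goes to the
    server's default gateway.
    """
    net = ipaddress.ip_network(server_net)
    ace = ipaddress.ip_address(ace_server_ip)
    pool = [ipaddress.ip_address(a) for a in (snat_pool or [])]
    # With source NAT the server sees a pool address, not the client.
    seen_src = pool[0] if pool else ipaddress.ip_address(client_ip)
    if seen_src in net:
        # On-link: the server ARPs for the address itself.
        # Assumption: the ACE owns (answers ARP for) its NAT pool addresses.
        next_hop = seen_src
        via_ace = seen_src in pool or seen_src == ace
    else:
        # Off-link: the reply follows the server's default gateway.
        next_hop = ipaddress.ip_address(server_gw)
        via_ace = next_hop == ace
    return str(seen_src), str(next_hop), via_ace

# Constructed sample topology (documentation address ranges).
CLIENT = "203.0.113.10"
SERVER_NET = "192.0.2.0/24"
ACE_SERVER_SIDE = "192.0.2.1"    # ACE address on the server VLAN
MSFC_SVI = "192.0.2.254"         # server-side SVI on the MSFC
NAT_POOL = ["192.0.2.200"]       # source NAT pool on the server VLAN

def scenarios():
    return {
        # Servers default to the MSFC SVI, no source NAT: reply bypasses ACE.
        "svi_gateway_no_nat": return_path(CLIENT, SERVER_NET, MSFC_SVI, ACE_SERVER_SIDE),
        # Routed mode, ACE is the servers' gateway: reply returns via ACE.
        "ace_gateway_no_nat": return_path(CLIENT, SERVER_NET, ACE_SERVER_SIDE, ACE_SERVER_SIDE),
        # Source NAT to a pool address: reply returns via ACE regardless of gateway.
        "svi_gateway_snat": return_path(CLIENT, SERVER_NET, MSFC_SVI, ACE_SERVER_SIDE, NAT_POOL),
    }

if __name__ == "__main__":
    for name, (dst, hop, via_ace) in scenarios().items():
        print(f"{name}: reply to {dst} via {hop}, through ACE: {via_ace}")
```
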

