Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
0
Helpful
1
Replies

Web server return traffic does not go through ACE

ab_parkhi
Level 1
Level 1

‎03-20-2007 01:51 PM

Hi ,

I had configured ACE for my web servers ,

when i tried to hit VIP of webserver, return traffic directly tries to hit client.

Is there any command to instruct ACE (like group in CSS) for same.

Thanks

Aniruddha

Labels:
0 Helpful
1 Reply 1

Syed Iftekhar Ahmed
Level 8
Level 8

‎03-20-2007 02:56 PM

Are you running ACE in routed/Bridge mode? If you are running it in routed mode then make sure that server side vlan SVI is not configured on MSFC.

When you configure a source group in CSS, a CSS provides network address translation (NAT) of source IP addresses and port address translation (PAT) of source ports.

This can be achieved in ACE as well

class-map nat

match source-address any

!

policy-map multi-match nat

class nat

nat dynamic 1 vlan 100

!

interface vlan 20 <-- Client Vlan

ip address 10.20.10.1 255.255.255.0

service-policy input nat

!

interface vlan 100 <-- Server Vlan

ip address 10.10.10.100 255.255.255.0

nat-pool 1 10.10.10.18 netmask 255.255.255.255 pat

With the above config all traffic will be source nated to 10.10.10.18 before hitting the real server. Return traffic from servers will be destined to 10.10.10.18 and as a result will end up to ACE.

Hope it helps

Syed Iftekhar Ahmed

0 Helpful
Customers Also Viewed These Support Documents