Gilles Dufour Thu, 01/17/2008 - 05:25
User Badges:
  • Cisco Employee,

Dinesh,


you need to perform client nat when servers try to access the vip (this is true for every loadbalancers).


in this case, create an acl to match the traffic from the real servers to the vip.


ie:

class-map src-rserver

match access-list ....


Then create a natpool on the server vlan


interface vlan XXX

natpool 1 x.x.x.x .....


Then create a policy-map to link the nat-pool and the class-map


policy-map multimatch nat-rserver

class src-rserver

nat dynamic 1 vlan XXX


Finally, configure the policy-map on the server interface


interface vlan XXX

service-policy input nat-rserver


Gilles.

dinesh1977 Thu, 01/17/2008 - 10:19
User Badges:

Hi Gilles,


Thanks for the information .


Please find the below config


interface vlan 15

description server-side Interface

bridge-group 10

access-group input ORACLE-ACCESS

access-group output ORACLE-ACCESS

no shutdown

********

class-map match-all ORACLE

2 match virtual-address 172.16.150.250 tcp eq www


should i configure natpool on vlan 15 ?

What will be the IP address ? ( natpool 1 X.X.X.X) . could you please clarify this also ?


Thanks in advance


-- Dinesh


IAN PERRY Mon, 02/23/2009 - 02:34
User Badges:

Dinesh,


Yes, the natpool should be configured on VLAN 15, and the IP address should be a valid and available one on the same subnet as BVI 10.


Hope this helps,


Ian

dinesh1977 Fri, 01/18/2008 - 01:42
User Badges:

Hi Gilles ,


We have configured bridge group in ACE ..


Both client side and server side vlan are in same segments . In that case how to achieve this ?


Rgds

Dinesh

Actions

This Discussion