ACE

dinesh1977 · ‎01-17-2008

Hi ,

I have configured VIP in ACE and users are able to access the VIP .

How can I access VIP from the real server?.

__ Rgds

Dinesh

Gilles Dufour · ‎01-17-2008

Dinesh,

you need to perform client nat when servers try to access the vip (this is true for every loadbalancers).

in this case, create an acl to match the traffic from the real servers to the vip.

ie:

class-map src-rserver

match access-list ....

Then create a natpool on the server vlan

interface vlan XXX

natpool 1 x.x.x.x .....

Then create a policy-map to link the nat-pool and the class-map

policy-map multimatch nat-rserver

class src-rserver

nat dynamic 1 vlan XXX

Finally, configure the policy-map on the server interface

interface vlan XXX

service-policy input nat-rserver

Gilles.

dinesh1977 · ‎01-17-2008

Hi Gilles,

Thanks for the information .

Please find the below config

interface vlan 15

description server-side Interface

bridge-group 10

access-group input ORACLE-ACCESS

access-group output ORACLE-ACCESS

no shutdown

********

class-map match-all ORACLE

2 match virtual-address 172.16.150.250 tcp eq www

should i configure natpool on vlan 15 ?

What will be the IP address ? ( natpool 1 X.X.X.X) . could you please clarify this also ?

Thanks in advance

-- Dinesh

IAN PERRY · ‎02-23-2009

Dinesh,

Yes, the natpool should be configured on VLAN 15, and the IP address should be a valid and available one on the same subnet as BVI 10.

Hope this helps,

Ian

dinesh1977 · ‎01-18-2008

Hi Gilles ,

We have configured bridge group in ACE ..

Both client side and server side vlan are in same segments . In that case how to achieve this ?

Rgds

Dinesh