ACE - Ping to Server-Side interface

Answered Question
Jul 17th, 2008
User Badges:

Hi Folks,

I have a problem whereby I need to allow my real servers to ping the Server-Side ACE interface. Is this explicitly denied? I have the VIP up and running OK but my server can't ping the Server-Side interface (which is it's gateway).

Thanks in advance,

SteveK.

Correct Answer by jleszewski about 8 years 8 months ago

I think You should apply policy REMOTE_MGMT_ALLOW_POLICY to interface vlan 56 or globally.


Currently it's only applied to vlan 55 which is the client side interface.


If You don't want telnet/ssh access from server side, then You need to prepare another class and policy with only icmp traffic allowed.


Correct Answer by Syed Iftekhar Ahmed about 8 years 8 months ago

Your management policy is not configured under server side vlan


Do the following and you are good to go


interface vlan 56

service-policy input REMOTE_MGMT_ALLOW_POLICY


Thanks

Syed Iftekhar Ahmed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
jleszewski Thu, 07/17/2008 - 23:26
User Badges:

You probably didn't configure management type policy or didn't include icmp traffic there.

Or didn't apply this policy to appropriate interface or globally.


stevek1 Thu, 07/17/2008 - 23:33
User Badges:

Thanks for the response Kuba.

I've attached the config for you - can you see what the cause is?

SteveK.




Attachment: 
Correct Answer
Syed Iftekhar Ahmed Fri, 07/18/2008 - 00:19
User Badges:
  • Blue, 1500 points or more

Your management policy is not configured under server side vlan


Do the following and you are good to go


interface vlan 56

service-policy input REMOTE_MGMT_ALLOW_POLICY


Thanks

Syed Iftekhar Ahmed

Correct Answer
jleszewski Fri, 07/18/2008 - 02:21
User Badges:

I think You should apply policy REMOTE_MGMT_ALLOW_POLICY to interface vlan 56 or globally.


Currently it's only applied to vlan 55 which is the client side interface.


If You don't want telnet/ssh access from server side, then You need to prepare another class and policy with only icmp traffic allowed.


stevek1 Sun, 07/20/2008 - 19:50
User Badges:

Thanks Kuba and Syed,


Your speedy response was most helpful.


Cheers, SteveK.

Actions

This Discussion