ACE - Ping to Server-Side interface

Answered Question
Jul 17th, 2008

Hi Folks,

I have a problem whereby I need to allow my real servers to ping the Server-Side ACE interface. Is this explicitly denied? I have the VIP up and running OK but my server can't ping the Server-Side interface (which is it's gateway).

Thanks in advance,

SteveK.

I have this problem too.
0 votes
Correct Answer by jleszewski about 8 years 4 months ago

I think You should apply policy REMOTE_MGMT_ALLOW_POLICY to interface vlan 56 or globally.

Currently it's only applied to vlan 55 which is the client side interface.

If You don't want telnet/ssh access from server side, then You need to prepare another class and policy with only icmp traffic allowed.

Correct Answer by Syed Iftekhar Ahmed about 8 years 4 months ago

Your management policy is not configured under server side vlan

Do the following and you are good to go

interface vlan 56

service-policy input REMOTE_MGMT_ALLOW_POLICY

Thanks

Syed Iftekhar Ahmed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
jleszewski Thu, 07/17/2008 - 23:26

You probably didn't configure management type policy or didn't include icmp traffic there.

Or didn't apply this policy to appropriate interface or globally.

Correct Answer
Syed Iftekhar Ahmed Fri, 07/18/2008 - 00:19

Your management policy is not configured under server side vlan

Do the following and you are good to go

interface vlan 56

service-policy input REMOTE_MGMT_ALLOW_POLICY

Thanks

Syed Iftekhar Ahmed

Correct Answer
jleszewski Fri, 07/18/2008 - 02:21

I think You should apply policy REMOTE_MGMT_ALLOW_POLICY to interface vlan 56 or globally.

Currently it's only applied to vlan 55 which is the client side interface.

If You don't want telnet/ssh access from server side, then You need to prepare another class and policy with only icmp traffic allowed.

stevek1 Sun, 07/20/2008 - 19:50

Thanks Kuba and Syed,

Your speedy response was most helpful.

Cheers, SteveK.

Actions

This Discussion