Src/ Dst being LB'd by same ACE...reachability issue

Unanswered Question
Apr 29th, 2009
User Badges:


Source: 2 Proxy servers

Destination: 2 Application Servers

Cannot ping each others VIP.

Can ping the real servers.

Is there some issue about the same ACE, LB'ing Src & Dest VIPs.

Response will be appreciated.

ACE mod A2(1.2)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dario.didio Wed, 04/29/2009 - 23:20
User Badges:
  • Silver, 250 points or more


some more explenation would be appreciated.

What are you trying to accomplish?

What do you mean by source and destination VIPs?

cisco_adt Thu, 04/30/2009 - 07:22
User Badges:

Source is Proxy Server

Destination is an Application Server

2 different Vlans.

Default Gateway is the Router.

Router sends it to a FW.

(FW's are LB'd by the ACE as well)

PBR is used.

SYN follows the traffic path described above. (rserver-->VIP(Proxy)-->Router-->FW-->down towards the App VIP)

SYN-ACK (rserver-->VIP (App)-->Router-->VIP (Proxy)

SYN-ACK does not go thru the FW....but directly to the other VIP.



This Discussion