ACE 4170 port redirection in Bridged mode

Answered Question
Jun 19th, 2009

Hi Friends,


Is it possible to do port redirection on ACE while it is configured in Bridged Mode? For example, a user is accessing the load balancer VIP on port 80 and this is redirected to port 8080 on backend servers.


I have attached a diagram for easier understanding. Is there a need to configure NAT in such cases?


Any help will be appreciated. Thanks in advance guys.



dario.didio Fri, 06/19/2009 - 04:30

Hi,


Yes, this is possible by just adding the port number after the rserver name when defining the serverfarm.


For example:


rserver server1
  ip address 192.168.10.110
  inservice
rserver server2
  ip address 192.168.10.111
  inservice

serverfarm www-servers
  rserver server1 8080
    inservice
  rserver server2 8080
    inservice

class-map test
  match virtual-address 192.168.10.100 tcp eq 80


This way, the VIP will be on port 80, and the ACE will communicate with the real servers on port 8080.


Please rate if this was helpful for you.


HTH,

Dario


dinesh.thathana... Sun, 06/21/2009 - 20:45
Thanks Dario.


It was really helpful; however, I just want to know whether ping is allowed, since we mention only port 80 in the virtual address?


Thanks again.

Correct Answer
dario.didio Sun, 06/21/2009 - 23:40

Hi,


If you want to allow ping to the VIP address, you only need to apply this command in your L3-4 policy map:


loadbalance vip icmp-reply


Example:


policy-map multi-match L4-TEST-VIPS
  class WWW-TEST
    loadbalance vip inservice
    loadbalance policy WWW_POLICY
    loadbalance vip icmp-reply


More info can be found here:


http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1000929


If you want ICMP to pass through the ACE to reach the real servers, you need to allow it in an ACL.


Hope this helps,

Dario
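
The pieces from both answers combined into one bridged-mode configuration, as an added example that is not part of the original posts. The VLAN numbers, bridge-group number, BVI address and the ACL name CLIENT-IN are assumptions; the addresses, ports and policy names are the ones used in the thread. The port change comes only from the serverfarm definition, and the ACL is scoped to the VIP service plus ICMP echo rather than a blanket permit.

```cisco
! Constructed example. Assumed: VLAN 10 (client side), VLAN 20 (server side),
! bridge-group 1, BVI 192.168.10.2/24, ACL name CLIENT-IN.

! Permit only the VIP service and ICMP echo; everything else stays denied.
access-list CLIENT-IN line 10 extended permit tcp any host 192.168.10.100 eq www
access-list CLIENT-IN line 20 extended permit icmp any host 192.168.10.100 echo
access-list CLIENT-IN line 30 extended permit icmp any host 192.168.10.110 echo
access-list CLIENT-IN line 40 extended permit icmp any host 192.168.10.111 echo

rserver host server1
  ip address 192.168.10.110
  inservice
rserver host server2
  ip address 192.168.10.111
  inservice

! The port after the rserver name is the port the ACE uses toward the server.
serverfarm host www-servers
  rserver server1 8080
    inservice
  rserver server2 8080
    inservice

class-map match-all WWW-TEST
  2 match virtual-address 192.168.10.100 tcp eq 80

policy-map type loadbalance first-match WWW_POLICY
  class class-default
    serverfarm www-servers

policy-map multi-match L4-TEST-VIPS
  class WWW-TEST
    loadbalance vip inservice
    loadbalance policy WWW_POLICY
    loadbalance vip icmp-reply

! Both VLANs share one bridge-group, so clients, VIP and servers sit in one subnet.
interface vlan 10
  bridge-group 1
  access-group input CLIENT-IN
  service-policy input L4-TEST-VIPS
  no shutdown
interface vlan 20
  bridge-group 1
  no shutdown
interface bvi 1
  ip address 192.168.10.2 255.255.255.0
  no shutdown
```

Traffic that the servers initiate themselves would need its own ACL on the server-side VLAN; this example covers client-initiated connections only.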
