I have a cluster of two ACE-4710 in a one-armed design on a VLAN. I cannot use client NAT as the source address has to be logged in the server log (source IP insert is not an option here). So, I configured an alias IP address which should serve as a default gateway for the servers.
Is there anything to be configured to allow routing on the same subnet with the ACE, besides a permit ACL and a default route?
I have the following interface configuration and the local routing does not work:
interface vlan 110
  description *** ACE Context Virtual Interface ***
  ip address 10.56.33.20 255.255.255.240
  alias 10.56.33.22 255.255.255.240
  peer ip address 10.56.33.21 255.255.255.240
  access-group input ALL_TRAFFIC
  service-policy input ACE_MGMT_POLICY
  service-policy input VIP_PROD
ip route 0.0.0.0 0.0.0.0 10.56.33.17
Nothing needs to be done to allow routing even in one-armed mode.
But, ACE is a stateful device so it needs to see both sides of the traffic.
What is happening is that you only see traffic from the server ... the other side will probably bypass the ACE.
Try to configure 'no normalization' under the interface.
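The asymmetric path described in the answer, as an added example that is not part of the original thread: a simplified Python model (not the ACE's actual implementation) of which packets cross the ACE and how a stateful TCP check treats them with and without normalization. The server address 10.56.33.25, the remote host 192.0.2.10 and the function names are assumptions; the other addresses come from the posted configuration.

```python
import ipaddress

# Addresses from the post; SERVER and REMOTE are constructed sample hosts.
SUBNET = ipaddress.ip_network("10.56.33.16/28")
ACE_ALIAS = "10.56.33.22"   # default gateway configured on the servers
ROUTER = "10.56.33.17"      # next hop of the ACE's default route
SERVER = "10.56.33.25"
REMOTE = "192.0.2.10"

def hops(src, dst):
    """Layer-3 devices a packet crosses on its way from src to dst."""
    s_local = ipaddress.ip_address(src) in SUBNET
    d_local = ipaddress.ip_address(dst) in SUBNET
    if s_local and not d_local:
        # Server sends to its default gateway (ACE), which uses its default route.
        return [ACE_ALIAS, ROUTER]
    if d_local and not s_local:
        # Router is directly connected to the VLAN: it delivers to the server itself.
        return [ROUTER]
    return []

def ace_verdicts(flow, normalization=True):
    """Simplified stateful TCP check applied to the packets the ACE sees."""
    state, verdicts = "CLOSED", []
    for src, dst, flags in flow:
        if ACE_ALIAS not in hops(src, dst):
            continue  # this packet bypassed the ACE entirely
        if flags == "SYN":
            state, ok = "SYN_SEEN", True
        elif flags == "SYN-ACK" and state == "SYN_SEEN":
            state, ok = "ESTABLISHED", True
        else:
            # ACK/data is valid only if the full handshake was observed.
            ok = state == "ESTABLISHED" or not normalization
        verdicts.append((flags, "forward" if ok else "drop"))
    return verdicts

FLOW = [  # constructed handshake plus one data segment
    (SERVER, REMOTE, "SYN"),
    (REMOTE, SERVER, "SYN-ACK"),
    (SERVER, REMOTE, "ACK"),
    (SERVER, REMOTE, "PSH-ACK"),
]

if __name__ == "__main__":
    print("normalization on: ", ace_verdicts(FLOW, True))
    print("normalization off:", ace_verdicts(FLOW, False))
```

In this model `normalization=False` forwards any segment regardless of handshake state, which is the per-interface TCP state check being given up to make the one-sided flow work.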