ACE port redirection

Answered Question
Jul 27th, 2009
User Badges:

Hi Experts,


I need your help,


Is it possible to do port redirection on ACE . For example. a user is accessing the Loadbalancer VIP on port 80 and this is redirected to port 8080 on backend servers?



Any help will be appreciated. Thanks in advance guys.


Any documnet or link in this regard would be helpful.


RObertS

Correct Answer by sachinga.hcl about 7 years 9 months ago

HI


Yes this is possible by just adding the port-number after the rserver name when defining the serverfarm.


For example:


rserver server1

ip address 10.20.30.41

inservice

rserver server2

ip address 10.20.30.42

inservice


serverfarm www-servers

rserver server1 8080

inservice

rserver server2 8080

inservice


class-map test

match virtual-address 10.20.30.40 tcp port eq 80


This way, the VIP will be on port 80, and the ACE will communicate with the real servers on port 8080.


Kindly check below URL for Configuring Static NAT and Port Redirection


http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Network_Address_Translation


Kindly Rate if you find this information useful to you.


Sachin Garg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
sachinga.hcl Mon, 07/27/2009 - 05:32
User Badges:
  • Silver, 250 points or more

HI


Yes this is possible by just adding the port-number after the rserver name when defining the serverfarm.


For example:


rserver server1

ip address 10.20.30.41

inservice

rserver server2

ip address 10.20.30.42

inservice


serverfarm www-servers

rserver server1 8080

inservice

rserver server2 8080

inservice


class-map test

match virtual-address 10.20.30.40 tcp port eq 80


This way, the VIP will be on port 80, and the ACE will communicate with the real servers on port 8080.


Kindly check below URL for Configuring Static NAT and Port Redirection


http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Network_Address_Translation


Kindly Rate if you find this information useful to you.


Sachin Garg

robertsmith.net... Mon, 07/27/2009 - 05:36
User Badges:

HI Sachin


Thanks for your quick response.


However just want to know whether ping is allowed since we mention only port 80 in the virtual address? DO i need to add something on the top of this to allow ping also.


Kindly help.



RobertS


sachinga.hcl Mon, 07/27/2009 - 05:40
User Badges:
  • Silver, 250 points or more

Hi Robert,


If you want to allow ping to the VIP address, you only need to apply this command in your L3-4 policy map:


loadbalance vip icmp-reply


example:


policy-map multi-match L4-TEST-VIPS

class WWW-TEST

loadbalance vip inservice

loadbalance policy WWW_POLICY

loadbalance vip icmp-reply


more info can be found here:


http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1000929


If you want ICMP to pass through the ACE tp reach the real servers, you need to allow it in an ACL.


Hope this helps,


Sachin Garg


lingaraj19 Wed, 08/21/2013 - 05:09
User Badges:

Hi,


If I want to redirect the with mulitple ports. for example, front end port which i am using is 80 and in back end it should be load balanced with the port 8080.8081,8082,9090


is it possible to configure and if yes kindly help me with the steps.


thanks in advance.


Regards,

Lingaraj R N

Actions

This Discussion