08-06-2009 12:24 PM
ACE in bridge mode, VIP is on the same subnet as rservers and other servers. There is no issue for clients from internet to access the VIP. However, the servers on the same subnet of the real server cannot access VIP.
I guess that's because after VLB assign/redirect request the request to a rserver, the return traffic may bypass the VLB. Is it correct? Is there any way to allow the servers behind the VIP to access VIP also?
Thanks!
ST
08-06-2009 12:32 PM
I'm using a CSM with the same scenario and use a pool to NAT the real server source IP.
Hope this help.
Andrea
08-06-2009 12:37 PM
Hi Andrea, do you have any doc/link referring the NAT solution?
Thanks!
ST
08-06-2009 12:50 PM
Hi Andrea, do you have any doc/link referring the NAT solution?
Thanks!
ST
08-06-2009 12:51 PM
I will try the "transparent" cmd on server farm.
08-06-2009 02:11 PM
You simply need to source Nat this traffic.For example if all servers & clients are on vlan 10 (1.1.1.0/24 subnet) then you need following config
rserver host YOURSERVER1
ip address 1.1.1.100
inservice
rserver host YOURSERVER2
ip address 1.1.1.101
inservice
serverfarm host
rserver YOURSERVER1
inservice
rserver YOURSERVER2
inservice
class-map match-all YOURVIP
2 match virtual-address 1.1.1.200 tcp eq www
policy-map type loadbalance first-match YOURPOLICY
class class-default
serverfarm YOURSERVERFARM
nat dynamic 1001 vlan 10 serverfarm primary
policy-map multi-match VLAN10-VIPS
class YOURVIP
loadbalance vip inservice
loadbalance policy YOURPOLICY
loadbalance vip icmp-reply active
interface vlan 10
ip address 1.1.1.1 255.255.255.0
access-group input ANYONE
nat-pool 1001 1.1.1.250 1.1.1.250 netmask 255.255.255.0 pat
service-policy input VLAN10-VIPS
no shutdown
HTH
Syed Iftekhar Ahmed
08-06-2009 02:51 PM
Syed, Thanks!
I also found the link -
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide