Converting from CSS11501 to ACE 4710 appliance - Need help

Unanswered Question
Sep 9th, 2009
User Badges:

I am trying to replicate this environment (see attached) on our new ace appliances but it doesn't like what the css-conversion tool had me do and the only way I can make it work is with transparent mode, no NAT, and the default route being set on my servers to the ACE. This is not a good solution since these servers are accessed by user subnets directly in some cases. What I tried....

(this works, says service is operational)

probe tcp p80_PROBE

interval 15

passdetect interval 5

port 80

rserver host web-s1


ip address

rserver host web-s2


ip address

serverfarm host web

probe p80_PROBE

rserver web-s1 80


rserver web-s2 80


class-map match-all web_CLASS

match virtual-address tcp eq 80

policy-map type loadbalance first-match web_POLICY

class class-default

serverfarm web

policy-map multi-match POLICY

class web_CLASS

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy web_POLICY

nat dynamic 10 vlan 100

interface vlan 100

nat-pool 10 netmask pat

service-policy input POLICY

I have also put ACLs allowing everything on all interfaces but that doesn't change anything.

serverfarm details shows failures and no connections when i try to access from my browser

am I messing up how I do NAT? What else may be the issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JeramyKoval Thu, 09/10/2009 - 07:13
User Badges:

Is that an edited config from your ACE? I just don't see an IP address for the interface. You will want the ACL as well or the ACE will deny the connections.

katieraezer Thu, 09/10/2009 - 09:06
User Badges:

yes it is edited, i assigned an ip address and also added an access-group in and out that permits any any


This Discussion