Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
932
Views
0
Helpful
4
Replies

ACE 4710 Client and Server hitting same VIP

Go to solution
mbalasko
Level 1
Level 1

‎12-02-2009 04:54 PM

But the catch here is we are using IP's from server side VLAN's as opposed to from the Client side. If that were the case I would simply use SNAT and assign a pool but in this case that doesn't appear to work.

So how do I get this to work?

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to mbalasko

‎12-04-2009 01:27 AM

you have to create a natpool on the vlan facing the servers.

Then create a policy, match the same vip, and simply add the nat dynamic function.

Assign this policy to the server vlan.

If the address in the natpool belong to the server subnet, nothing else is required.

Otherwise, you need to make sure the servers have a route to the addresses in the pool pointing to the ACE.

If that does not work, send your config.

Gilles.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎12-03-2009 02:00 AM

you need client nat for the connections opened by the servers.

Whatever the VIP, after loadbalancing the destination is the server.  So when the server sees a connection from another server, it does reply to the server directly, bypassing the ACE, and therefore the response comes directly from the server instead of the vip.

Gilles.

0 Helpful

Go to solution
mbalasko
Level 1
Level 1
In response to Gilles Dufour

‎12-03-2009 07:46 AM

And how do I do that? You say client nat, i hear source nat and think of this-

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6ef5.shtml

this doesn't work because my VIP IP pool is the same as the server side vlan.

We are using public IP on our servers as to not have to manage rfc1918 addresses.

Mike

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to mbalasko

‎12-04-2009 01:27 AM

you have to create a natpool on the vlan facing the servers.

Then create a policy, match the same vip, and simply add the nat dynamic function.

Assign this policy to the server vlan.

If the address in the natpool belong to the server subnet, nothing else is required.

Otherwise, you need to make sure the servers have a route to the addresses in the pool pointing to the ACE.

If that does not work, send your config.

Gilles.

0 Helpful

Go to solution
mbalasko
Level 1
Level 1
In response to Gilles Dufour

‎12-07-2009 08:54 AM

It never occured to me that I would have to NAT an IP from a subnet to an IP in the same exact subnet. It

doesn't make any sense on the surface, but under the hood I get it now.

Thanks!

Mike

0 Helpful
Customers Also Viewed These Support Documents