ACE Routing

Dec 18th, 2009

My ACE is connected to a core switch where all the LAN users, the server zone and the ACE inside interface are connected in different VLANs. My LAN users' traffic is not passing through the ACE while accessing the server zone.





I have configured the ACE for server load balancing and it is working fine, but only from the other segments which are accessing the server zone via the ACE.


Server1: 192.168.200.66

Server 2: 192.168.200.67

VIP:    192.168.200.65


Only LAN users are not able to access the Virtual IP address, because the core switch is sending users' traffic directly to the server zone, not to the ACE.


From the LAN I am only able to reach real IP addresses not the Virtual IP addresses.


But from the WAN and other segments I can reach the Virtual IP address. Please let me know how to handle this situation.

Gilles Dufour (Cisco Employee) Mon, 12/21/2009 - 11:32

The only solution is to enable client NAT for traffic coming from the LAN side.

This will force the core switch to send the traffic to the ACE.


Gilles.

wasiimcisco Mon, 12/21/2009 - 21:37

policy-map multi-match PM_RT_FAX
  class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 300

interface vlan 300
  service-policy input PM_RT_FAX
  nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat

interface vlan 200
  service-policy input PM_RT_FAX



I did the same and it is working, but now VLAN 200 users, who are coming from the WAN, are also being NATed, though the "nat dynamic" statement only contains VLAN 300.

Gilles Dufour (Cisco Employee) Tue, 12/22/2009 - 01:42

The vlan 300 inside the nat statement specifies the "outgoing" interface.

Since your servers are on vlan 300, all users are NATed.

You need to create a separate policy for NATing and assign it only on vlan 300.


i.e.:


policy-map multi-match PM_RT_FAX
  class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
    loadbalance vip icmp-reply active

policy-map multi-match PM_RT_FAX_NAT
  class RT_FAX
    nat dynamic 1 vlan 300

interface vlan 300
  service-policy input PM_RT_FAX
  service-policy input PM_RT_FAX_NAT
  nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat

interface vlan 200
  service-policy input PM_RT_FAX


This will do what you need.


Gilles.
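
An added illustration, not part of any post in this thread and not Cisco code: a small Python model of the rule described above, that a policy only acts on traffic entering the interface it is bound to, while the vlan in the nat statement names the outgoing side. It assumes LAN clients reach the VIP through vlan 300 and WAN clients through vlan 200; the Action class, evaluate() and report() are hypothetical names.

```python
# Constructed model of the two configurations in this thread; not Cisco code.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Action:
    class_map: str                      # class the flow must match
    loadbalance: bool = False           # "loadbalance vip inservice"
    nat_egress: Optional[int] = None    # vlan in "nat dynamic 1 vlan N" (outgoing side)

SERVER_VLAN = 300   # servers sit on vlan 300 (stated in the thread)

# First configuration: NAT lives in the policy that both interfaces share.
POLICIES_BEFORE = {"PM_RT_FAX": [Action("RT_FAX", True, 300)]}
BOUND_BEFORE = {200: ["PM_RT_FAX"], 300: ["PM_RT_FAX"]}

# Corrected configuration: NAT moved to its own policy, bound on vlan 300 only.
POLICIES_AFTER = {
    "PM_RT_FAX": [Action("RT_FAX", True)],
    "PM_RT_FAX_NAT": [Action("RT_FAX", nat_egress=300)],
}
BOUND_AFTER = {200: ["PM_RT_FAX"], 300: ["PM_RT_FAX", "PM_RT_FAX_NAT"]}

def evaluate(policies, bound, ingress_vlan, flow_class="RT_FAX"):
    """Return (loadbalanced, source_nat) for a VIP flow entering on ingress_vlan."""
    lb = nat = False
    for name in bound.get(ingress_vlan, []):    # only policies on the ingress vlan apply
        for act in policies[name]:
            if act.class_map != flow_class:
                continue
            lb = lb or act.loadbalance
            # NAT fires when the flow leaves through the vlan named in the nat statement
            nat = nat or act.nat_egress == SERVER_VLAN
    return lb, nat

def report():
    """Evaluate both configurations for WAN (vlan 200) and LAN (vlan 300, assumed) clients."""
    rows = []
    for label, pol, bound in (("before", POLICIES_BEFORE, BOUND_BEFORE),
                              ("after", POLICIES_AFTER, BOUND_AFTER)):
        for vlan, who in ((200, "WAN"), (300, "LAN (assumed)")):
            rows.append((label, who, *evaluate(pol, bound, vlan)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-6s %-13s loadbalanced=%s source_nat=%s" % row)
```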
