Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
0
Helpful
3
Replies

ACE Routing

wasiimcisco
Level 1
Level 1

‎12-18-2009 07:24 AM

MY ACE is connected to a Core switch where all the LAN users, Server zone and ACE inside interface is connected in different VLAN.  MY LAN users traffic is not passing through the ACE while accessing the server zone.

I have configured the ACE for server load balancing and it is workig fine but only from the other segment which are accessing the server zone via ACE.

Server1: 192.168.200.66

Server 2: 192.168.200.67

VIP:    192.168.200.65

Only LAN users are not able to access the Virtual IP address. Because Core switch is sending users traffic directly to the Server Zone not to the ACE.

From the LAN I am only able to reach real IP addresses not the Virtual IP addresses.

But from the WAN and other segments I can reach the Virtual IP address. Please let me know how to handle this situation.

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎12-21-2009 11:32 AM

The only solution is to enable client nat for traffic coming from the LAN side.

This will force the core switch to send the traffic to the ACE.

Gilles.

0 Helpful

wasiimcisco
Level 1
Level 1
In response to Gilles Dufour

‎12-21-2009 09:37 PM

policy-map multi-match PM_RT_FAX
  class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 300

interface vlan 300

policy-map multi-match PM_RT_FAX

nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat

interface vlan 200

policy-map multi-match PM_RT_FAX

I did the same and it is working, but now VLAN 200 users which are coming from the WAN is also being natted. Though the statement "nat dynmaic is only containing VLAN 300"

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to wasiimcisco

‎12-22-2009 01:42 AM

the vlan 300 inside the nat statement specify the "outgoing" interface.

Since your servers are on vlan 300, all users are nated.

You need to create a separate policy for nating and assign it only on vlan 300.

ie:

policy-map multi-match PM_RT_FAX
  class RT_FAX
    loadbalance vip inservice
    loadbalance policy PM_LB_RT_FAX
    loadbalance vip icmp-reply active

policy-map multi-match PM_RT_FAX_NAT
  class RT_FAX



     nat dynamic 1 vlan 300

interface vlan 300

policy-map multi-match PM_RT_FAX

policy-map multi-match PM_RT_FAX_NAT

nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat

interface vlan 200

policy-map multi-match PM_RT_FAX

This will do what you need.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents