12-18-2009 07:24 AM
MY ACE is connected to a Core switch where all the LAN users, Server zone and ACE inside interface is connected in different VLAN. MY LAN users traffic is not passing through the ACE while accessing the server zone.
I have configured the ACE for server load balancing and it is workig fine but only from the other segment which are accessing the server zone via ACE.
Server1: 192.168.200.66
Server 2: 192.168.200.67
VIP: 192.168.200.65
Only LAN users are not able to access the Virtual IP address. Because Core switch is sending users traffic directly to the Server Zone not to the ACE.
From the LAN I am only able to reach real IP addresses not the Virtual IP addresses.
But from the WAN and other segments I can reach the Virtual IP address. Please let me know how to handle this situation.
12-21-2009 11:32 AM
The only solution is to enable client nat for traffic coming from the LAN side.
This will force the core switch to send the traffic to the ACE.
Gilles.
12-21-2009 09:37 PM
policy-map multi-match PM_RT_FAX
class RT_FAX
loadbalance vip inservice
loadbalance policy PM_LB_RT_FAX
loadbalance vip icmp-reply active
nat dynamic 1 vlan 300
interface vlan 300
policy-map multi-match PM_RT_FAX
nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
interface vlan 200
policy-map multi-match PM_RT_FAX
I did the same and it is working, but now VLAN 200 users which are coming from the WAN is also being natted. Though the statement "nat dynmaic is only containing VLAN 300"
12-22-2009 01:42 AM
the vlan 300 inside the nat statement specify the "outgoing" interface.
Since your servers are on vlan 300, all users are nated.
You need to create a separate policy for nating and assign it only on vlan 300.
ie:
policy-map multi-match PM_RT_FAX
class RT_FAX
loadbalance vip inservice
loadbalance policy PM_LB_RT_FAX
loadbalance vip icmp-reply active
policy-map multi-match PM_RT_FAX_NAT
class RT_FAX
nat dynamic 1 vlan 300
interface vlan 300
policy-map multi-match PM_RT_FAX
policy-map multi-match PM_RT_FAX_NAT
nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
interface vlan 200
policy-map multi-match PM_RT_FAX
This will do what you need.
Gilles.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: