ACE 4710 - Traffic to VIP not passing

Unanswered Question
Jan 28th, 2010
User Badges:

We have the ACE appliance set up on 2x VLANs.  The public side has public addressing and the private side has RFC1918 addresses. All webservers sit on the private side and there is a punlic VIP applied to the site we are load balancing.  The load balancing part is working well.  However.. although the webservers work, they sometime need to send traffic to other servers within the same VLAN, I would like this traffic to be sent to a different VIP and load balanced between several servers performing the necessary function.  The issue is the traffic sent to the VIP isnt working and for the moment I am having to use the real RFC1918 addresses in host files..

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dario.didio Fri, 01/29/2010 - 05:38
User Badges:
  • Silver, 250 points or more

Hi,


Probably your problem is the return traffic. Because all your servers are in the same VLAN (IP Subnet) the traffic flow is:

Server -> VIP on ACE -> server

Server <----------------------- server.


To have loadbalancing working, your initial and return traffic both need to pass the ace, because it is a stateful device.


You can solve this by doing source NAT.


Take a llok at following example on how to configure SNAT.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml


HTH,

Dario

Actions

This Discussion