Bypass ACE from internal network

winpwnkmr
Level 1

I am configuring an ACE 4710 in routed mode and I want to access individual virtual servers (servers behind the ACE) from a different internal network. Let's say:

Servers behind ACE IP: 172.16.1.0/24

Other inside network IP: 172.16.20.0/24

I want to access the servers in 172.16.1.0 from the 172.16.20.0 network directly, while traffic from the outside network will come from the ACE virtual IP. Can anybody help with how I can achieve this?

Thanks,

Pawan

3 Replies

Sean Merrow
Level 4

Hi Pawan,

For internal clients that need to access the servers behind the ACE directly, all you need is an ACL on the ingress interface of the ACE to allow that traffic. For traffic that comes into the ACE that is not destined for a VIP, the ACE will simply route the traffic to the destination according to its routing table (i.e. static or default routes). All you need is the ACL to permit that traffic as it enters the ACE.

Hope this helps,

Sean

Thanks, Sean. I will try that.

Hi Pawan,

The network behind the ACE (172.16.1.0/24) must be known by the router in front of the ACE. You must have a static route on the router (L3 switch) pointing to the alias address of the ACE. To reach that network from the whole LAN, you must redistribute the static route in the routing protocol (OSPF or EIGRP).

Regards,

Achim
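An added example, not part of the thread or of any poster's configuration: a small first-match audit of the ingress ACL that Sean's reply calls for, checking that it lets 172.16.20.0/24 reach the real servers directly without also letting other sources route around the VIP. The ACL name `CLIENT-IN`, the VIP `192.0.2.100`, the outside source `203.0.113.7` and the individual host addresses are constructed for illustration; the entries are written in the ACE-style network/netmask form, which is assumed here.

```python
import ipaddress

def take_net(tok):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'network netmask'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_entry(line):
    """Parse 'access-list NAME [line N] extended permit|deny ip SRC DST'."""
    tok = line.split()
    i = tok.index("extended")
    action, proto = tok[i + 1], tok[i + 2]
    if proto != "ip":
        raise ValueError("this example only handles 'ip' entries")
    src, rest = take_net(tok[i + 3:])
    dst, _ = take_net(rest)
    return action, src, dst

def decide(acl, src_ip, dst_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in acl:
        if s in src and d in dst:
            return action
    return "deny"

def audit(acl_lines, probes):
    """Return the probes whose actual decision differs from the intended one."""
    acl = [parse_entry(line) for line in acl_lines]
    return [(s, d, want, decide(acl, s, d))
            for s, d, want in probes if decide(acl, s, d) != want]

# Constructed ACLs: one scoped to the thread's subnets, one overly broad.
SCOPED_ACL = [
    "access-list CLIENT-IN line 10 extended permit ip 172.16.20.0 255.255.255.0 172.16.1.0 255.255.255.0",
    "access-list CLIENT-IN line 20 extended permit ip any host 192.0.2.100",
]
BROAD_ACL = ["access-list CLIENT-IN line 10 extended permit ip any any"]

# Intended policy as (source, destination, expected decision); hosts are constructed.
PROBES = [
    ("172.16.20.15", "172.16.1.10", "permit"),  # internal client, direct to real server
    ("203.0.113.7", "172.16.1.10", "deny"),     # outside client must not bypass the VIP
    ("203.0.113.7", "192.0.2.100", "permit"),   # outside client to the VIP
]

if __name__ == "__main__":
    print("scoped:", audit(SCOPED_ACL, PROBES))
    print("broad: ", audit(BROAD_ACL, PROBES))
```

An empty list means the ACL matches the intended policy; the broad ACL is flagged because any permitted non-VIP traffic is simply routed to the servers.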
