Bypass ACE from internal network

Unanswered Question
Mar 8th, 2010
User Badges:

I am configure ACE 4710 in routed mode and I want to access individual virtual servers (servers behind the ACE) from different internal network. Let's say:

Servers behind ACE IP:

Other inside network IP:

I want to access servers from network directly. While from outside network traffic will come from ACE virtual IP. Does anybody can help in, how can I acheive this?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Sean Merrow Mon, 03/08/2010 - 06:02
User Badges:
  • Silver, 250 points or more

Hi Pawan,

For internal clients that need to access the servers behind the ACE directly, all you need is an ACL in the ingress interface of the ACE to allow that traffic.  For traffic that comes into the ACE that is not destined for a VIP, the ACE will simply route the traffic to the destination according to its routing table (ie static or default routes).  All you need is the ACL to permit that traffic as it enters the ACE.

Hope this helps,


mueller-bech Tue, 03/09/2010 - 23:14
User Badges:

Hi Pawan,

the network behind the ACE ( must be known by the router in front of the ACE. You must have a static route on the router (L3-switch) pointing to the alias address of the ACE. To reach that network from the hole LAN you must redistribute the static route in the routing protocol (OSPF or EIGRP).




This Discussion