03-12-2010 12:22 AM
Hello
I'm trying to establish a session between one of my real servers behind the ACE and some external network without any NAT. According to the documentation I should only configure the correct ACL on both the client and server VLAN and it should work. Unfortunately, although I see hits in the ACL configured on the outside direction for the client VLAN, the traffic is not passing the ACE.
When I configure the capture I can see traffic only in the server VLAN. There is no traffic in the client VLAN.
Does anybody know what else I should configure?
Thank you in advance
Regards
Lucas
03-12-2010 06:56 AM
Hi,
Make sure that the routers in your network know the path to the subnet behind the ACE. You can do this by configuring a static route on your upstream router connected to the ACE, and redistribute this static route in your routing protocol.
The static route on your upstream router should have the alias address (in case of HA) or the physical address of the ACE as next hop.
HTH,
Dario
03-15-2010 12:09 AM
Hello
I did it. Finally I found that the packets were leaving the ACE but I could not see them in the capture. I captured them by using a SPAN port on the ACE client VLAN.
It seems that the ACE does not show the outgoing traffic in the capture. At least in the A2(1.5) version.
Regards
Lukas
03-15-2010 10:37 PM
Are you trying to initiate traffic using the server IP or the VIP IP?
03-16-2010 12:20 AM
The server IP
03-16-2010 12:36 AM
If you are NATting the server IP to the ACE VIP, you may switch to DSR, which allows the servers to source packets using the VIP IP.
03-16-2010 12:39 AM
But if you want the rserver to send traffic without any NAT or using the VIP IP,
make sure you apply your access list to the inbound interfaces and a static route from the ACE to the next-hop MSFC.
03-16-2010 01:46 AM
Hi,
The capture feature on the ACE only works in the input direction:
The packet capture function enables access-control lists (ACLs) to control which packets are captured by the ACE on the input interface.
Is your problem resolved now or does this still not work?
If so, what do you see in the capture?
HTH,
Dario