04-06-2010 03:43 AM
Hi all,
I know the reverse-sticky command is not supported in ACE. Is there an equivalent command with which I can ensure "reverse-sticky"? I'm trying to load-balance Cisco NAC servers with ACE. The NAC server LB concept should be like FWLB: I need the return traffic to go through the same NAC server that the traffic originates from.
04-06-2010 04:02 AM
The solution is to use predictor hash address source on the frontend ACE and predictor hash address destination on the backend ACE.
Gilles.
04-06-2010 04:31 AM
Hi Gilles,
Thank you for the reply. Does the solution need to be in a multiple-ACE deployment? As I only have 1 ACE available, can it be achieved in a single-ACE deployment?
04-06-2010 04:53 AM
This can be done in a single ACE. You could have 2 contexts, 1 for frontend and 1 for backend.
A firewall loadbalancing (FWLB) design is always of the type
outside---------- ACE(front) --------------- Firewalls -------------- ACE(back) --------inside
This is to guarantee that packets flow through the same firewall in both directions.
This can be done with 2 physical ACEs or 2 contexts on a single ACE.
Can also be done inside a single context of a single ACE but maybe more difficult - more confusing.
Gilles.
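The hash-predictor pairing described in this thread, as an added example that is not part of the original posts: a small simulation that checks whether forward and return packets of each flow cross the same inline node. The node names, addresses and the modulo hash are constructed stand-ins (not ACE's actual hash algorithm); the point it shows is that symmetry holds only when the backend hashes the destination address and both sides use the same node list in the same order.

```python
import ipaddress

# Constructed inline nodes (NAC servers or firewalls); order matters for the hash.
NODES = ["nac-1", "nac-2", "nac-3"]

def pick(addr, nodes):
    """Deterministically map an IP address to a node.
    Stand-in hash (integer value modulo node count), not ACE's algorithm."""
    return nodes[int(ipaddress.ip_address(addr)) % len(nodes)]

def front_pick(src, dst, nodes=NODES):
    # Frontend side: "predictor hash address source" keys on the packet's source.
    return pick(src, nodes)

def back_pick(src, dst, nodes=NODES, field="destination"):
    # Backend side: "predictor hash address destination" keys on the destination.
    # field="source" models a misconfigured backend.
    return pick(dst if field == "destination" else src, nodes)

def asymmetric_flows(flows, back_nodes=NODES, back_field="destination"):
    """Return (client, server, forward_node, return_node) for every flow whose
    return traffic would cross a different node than its forward traffic."""
    bad = []
    for client, server in flows:
        fwd = front_pick(client, server)
        # Return packet travels server -> client, so src=server, dst=client.
        ret = back_pick(server, client, back_nodes, back_field)
        if fwd != ret:
            bad.append((client, server, fwd, ret))
    return bad

# Constructed sample flows: 40 clients talking to 5 servers.
FLOWS = [(f"192.0.2.{i}", f"198.51.100.{i % 5 + 10}") for i in range(1, 41)]

if __name__ == "__main__":
    print("source/destination pairing:", len(asymmetric_flows(FLOWS)), "asymmetric")
    print("backend hashing source:    ",
          len(asymmetric_flows(FLOWS, back_field="source")), "asymmetric")
    print("backend node order differs:",
          len(asymmetric_flows(FLOWS, back_nodes=NODES[::-1])), "asymmetric")
```
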