ACE Loadbalancing to a rserver not directly connected

Unanswered Question
Sep 29th, 2010
User Badges:

Hi All,

I have a scenario where an ACE load balancer needs to load balance to a couple of servers on another subnet not directly connected to the ACE. At first this seems resonable to configure the rservers and create static routes to reach them, my concern is the return path and the rservers being hidden behind the VIP.

Has anyone had a similar scenario?

Has anyone got any comments on this?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Wed, 09/29/2010 - 09:30
User Badges:
  • Purple, 4500 points or more


You would source NAT the traffic on the ACE. It would translate to a different address that the server would reply to for continued communications. Here's a link that can explain it better than I can

Hope it helps.

kris-andrews Thu, 09/30/2010 - 00:59
User Badges:

Thanks Collin,

I have taken a look at the link you sent, so just to confirm,

When a clients request comes in with a destination address of the VIP, the ACE will load balance to the servers (by default the ACE does not translate the clients source address) by routing to the rserver addresses, by default if the clients source address is not source NAT'ed on the ACE the server will route directly back to the client bypassing the ACE.

So i guess to overcome this issue i would need to ensure that the clients source address is NAT'ed by the ACE to ensure that the server response is routed back to the ACE and then routed back to the client.

Also, in general, when a server responds to a client i thought the servers real address is hidden by the VIP by default, does the same apply in this scenario?

Does this sound right?


Collin Clark Thu, 09/30/2010 - 06:38
User Badges:
  • Purple, 4500 points or more

I would say you are correct on all statements.

kris-andrews Fri, 10/01/2010 - 02:03
User Badges:

Thanks again Colin for your feedback,

Regarding source NAT on the ACE, all the example configurations i have seen include configuring a nat pool under the interface.

Do you know if it's possible to source NAT the traffic from the interface alias address of the interface, the reason i ask is the interface subnet i want to source NAT from has no free addresses to allocate to a NAT pool?

Any ideas,

Your help is very much appreciated.


simonstoll Mon, 10/04/2010 - 23:25
User Badges:

Hi Kris

Whether you can use the interface IP as NAT Pool I cannot answer you (never tried to do so, but I don't think it will work as you have different Interface IP's in a HA ACE Konfig on the active and passiv peer), but you can make a NAT Pool with only one IP. That works great and you just need one IP. You can even reuse this "one IP Pool" in different Classes.

best regards



This Discussion