Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1718
Views
5
Helpful
3
Replies

ACE 30 one-arm mode SNAT to same IP as VIP

Go to solution
David Niemann
Level 3
Level 3

‎11-21-2016 02:10 PM

Trying to set up a bidirectional connection that source NATs all rserver initiated connections to the same IP as the inbound VIP.  I think I have the config right, but it doesn't seem to work.  The IP that should be used for all comms is a VIP of 172.31.0.176 which you will see in the NAT pool.  the 172.31.0.178 was created as a VIP for the rservers to send outbound to which will be source NATed to the 172.31.0.176.

rserver host RS_XXX_CORP_SMARTHOST_1
  description XXX CORP SMARTHOST FOR EMAIL
  ip address 5.5.5.5
  inservice

serverfarm host SF_EXC2013_SMTP_OUTBOUND
  description Exchange 2013 SMTP
  predictor leastconns
  rserver RS_XXX_CORP_SMARTHOST_1 25
    inservice

sticky ip-netmask 255.255.255.255 address source Sticky_SrcIP_EXC2013_SMTP_OUTBOUND
  serverfarm SF_EXC2013_SMTP_OUTBOUND
  replicate sticky

class-map match-any VS_EXC2013_SMTP_OUTBOUND
  description Exchange 2013 SMTP Outbound
  2 match virtual-address 172.31.0.178 tcp eq smtp

policy-map type loadbalance first-match EXC2013_SMTP_OUTBOUND
  class class-default
    sticky-serverfarm Sticky_SrcIP_EXC2013_SMTP_OUTBOUND

policy-map multi-match Farm_VIPS

class VS_EXC2013_SMTP_OUTBOUND
    loadbalance vip inservice
    loadbalance policy EXC2013_SMTP_OUTBOUND
    loadbalance vip icmp-reply active
    nat dynamic 6 vlan 511

interface vlan 511
  description ACE-DMZ-front
  bridge-group 1
  mac-sticky enable
  access-group input BPDU
  access-group input ANYONE
  nat-pool 6 172.31.0.176 172.31.0.176 netmask 255.255.255.0 pat
  service-policy input PM_AdminAccess
  service-policy input Farm_VIPS
  no shutdown

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Niemann
Level 3
Level 3
In response to Wade Patterson

‎01-03-2017 08:08 AM

This config actually worked for me.  I had an issue with the L2L tunnel the traffic was utilizing causing it to be dropped.  Once the L2L tunnel as up it worked as planned.

View solution in original post

3 Replies 3

Go to solution
Wade Patterson
Cisco Employee
Cisco Employee

‎01-03-2017 08:03 AM

David,

Since the rservers are on a separate subnet from the VIP, do they have a valid L3 path to the VIP?

0 Helpful

Go to solution
David Niemann
Level 3
Level 3
In response to Wade Patterson

‎01-03-2017 08:08 AM

This config actually worked for me.  I had an issue with the L2L tunnel the traffic was utilizing causing it to be dropped.  Once the L2L tunnel as up it worked as planned.

Go to solution
Wade Patterson
Cisco Employee
Cisco Employee
In response to David Niemann

‎01-03-2017 08:10 AM

Ok.  When I looked through the config it didn't appear as if anything was wrong.  Glad you got it fixed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents