Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access serverfarm from another server behind the ACE

I have a web server farm and an email server farm, both load balanced behind the same ACE.  However, the web servers cannot connect to the email servers (and vice versa).

I've also tested from other servers behind the ACE, and they cannot connect to either server farm.

Is there something that prevents the ACE from servicing hosts that actually lie behind the ACE?

I can ping the VIP, but cannot access the web site or connect to port 25 on the mail server.

Thanks.

Jason

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Access serverfarm from another server behind the ACE

Jason,

There are two reasons why this would not be working when the client is in the server vlan.

1 you need to have the service-policy applied to the server facing vlan.

2 you need SNAT. If the device initiating the connection to the vip is in the server vlan nat is needed to force the server to reply back to the ACE rather than the client directly. this would be considered a one armed mode topology in this case.

Regards

Jim

3 REPLIES
Cisco Employee

Access serverfarm from another server behind the ACE

Jason,

There are two reasons why this would not be working when the client is in the server vlan.

1 you need to have the service-policy applied to the server facing vlan.

2 you need SNAT. If the device initiating the connection to the vip is in the server vlan nat is needed to force the server to reply back to the ACE rather than the client directly. this would be considered a one armed mode topology in this case.

Regards

Jim

New Member

Access serverfarm from another server behind the ACE

That was what I needed.  Once I added the SNAT, it worked.

Thank you.

Jason

New Member

Access serverfarm from another server behind the ACE

Hello,

i understand the sourcenat but is it mandatory to add the service policy  with SN on server side and not only on client side ?

thanx

515
Views
0
Helpful
3
Replies
CreatePlease login to create content