Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE 4710 asymetric routing

Is there any possibility to allow asymetric routing for non-balanced flows.

We face a situation in which a server in a LB serverfarm tries to connect another server

in a different segment. The ACE is gateway for this segment but has an own interface in the

destination VLAN. The destination server has as default gateway to another router.

The ACE receives the return packet on a different interface and drops it.

Log :

Oct 23 2010 14:19:58 : %ACE-4-313004: Denied ICMP type=0, from laddr on interface vlan1403 to no matching session

I understood from some Cisco presentations that we can allow asymetric routing when we disable

normalization (no normalization). I tested this, but did not work. Also no icmp-guard did not help.

In addition i do not see non-loadbalanced flows in the connection table (sh conn).

I there a way to see non-balanced flows through the ACE ?

Do the non-balanced flows also use the default inactivity timers (TCP = 1h) ?

Thank you for your help.

  • Application Networking
New Member

Re: ACE 4710 asymetric routing

Is it not possible to have a host route added to the destination server ? This would allow the traffic to be routed back the same way it came and thus the connection work ?

Try adding a static route onto the destination server along the lines of ...

route add [source address of server] mask [IP address of ACE interface]

This would cause the traffic to be routed between the two hosts via the ACE module which is good because the ACE is acting as a router between the two network segments.

That's just what I would do but I understand that it may not be the option you want.

Good luck

Cisco Employee

Re: ACE 4710 asymetric routing

turning off normalization on the receiving interface should work.

But maybe not for icmp...but icmp is not really important.  You should test with tcp or udp.


This widget could not be displayed.