Cisco Support Community
New Member

ACE 4710 Client and Server hitting same VIP

But the catch here is we are using IPs from server-side VLANs as opposed to from the client side. If that were the case I would simply use SNAT and assign a pool, but in this case that doesn't appear to work.

So how do I get this to work?

Mike

4 REPLIES
Cisco Employee

Re: ACE 4710 Client and Server hitting same VIP

You need client NAT for the connections opened by the servers.

Whatever the VIP, after load balancing the destination is the server. So when the server sees a connection from another server, it replies to the server directly, bypassing the ACE, and therefore the response comes directly from the server instead of the VIP.

Gilles.

New Member

Re: ACE 4710 Client and Server hitting same VIP

And how do I do that? You say client NAT, I hear source NAT and think of this:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6ef5.shtml

This doesn't work because my VIP IP pool is the same as the server-side VLAN.

We are using public IPs on our servers so as not to have to manage RFC 1918 addresses.

Mike

Cisco Employee

Re: ACE 4710 Client and Server hitting same VIP

You have to create a natpool on the VLAN facing the servers.

Then create a policy, match the same VIP, and simply add the nat dynamic function.

Assign this policy to the server VLAN.

If the addresses in the natpool belong to the server subnet, nothing else is required.

Otherwise, you need to make sure the servers have a route to the addresses in the pool pointing to the ACE.

If that does not work, send your config.

Gilles.
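
The steps in the reply above, written out as an ACE configuration sketch. This is an added example, not a configuration posted in the thread: every object name, VLAN ID and address (documentation ranges 192.0.2.0/24 and 198.51.100.0/24) is a constructed placeholder, the `!` lines are annotations, and interface ACLs and routing are assumed to be in place already.

```cisco
! Constructed sketch: all names, VLAN IDs and addresses are placeholders.
! VIP 192.0.2.100 and the real servers share the server-side subnet (VLAN 20).
rserver host WEB1
  ip address 192.0.2.11
  inservice
rserver host WEB2
  ip address 192.0.2.12
  inservice
serverfarm host SF-WEB
  rserver WEB1
    inservice
  rserver WEB2
    inservice

class-map match-all VIP-WEB
  2 match virtual-address 192.0.2.100 tcp eq www

policy-map type loadbalance first-match LB-WEB
  class class-default
    serverfarm SF-WEB

! Client-facing policy: no NAT, outside clients keep their source address.
policy-map multi-match CLIENT-SIDE
  class VIP-WEB
    loadbalance vip inservice
    loadbalance policy LB-WEB

! Server-facing policy: same VIP class, plus source NAT from pool 1.
policy-map multi-match SERVER-SIDE
  class VIP-WEB
    loadbalance vip inservice
    loadbalance policy LB-WEB
    nat dynamic 1 vlan 20

interface vlan 10
  ip address 198.51.100.2 255.255.255.0
  service-policy input CLIENT-SIDE
  no shutdown

interface vlan 20
  ip address 192.0.2.2 255.255.255.0
  ! Pool address sits inside the server subnet, so servers need no extra route.
  nat-pool 1 192.0.2.200 192.0.2.200 netmask 255.255.255.255 pat
  service-policy input SERVER-SIDE
  no shutdown
```

With this in place, server-initiated connections to the VIP arrive at the real server with the pool address as their source, so server access logs and any source-based allow lists will show 192.0.2.200 rather than the originating server.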

New Member

Re: ACE 4710 Client and Server hitting same VIP

It never occurred to me that I would have to NAT an IP from a subnet to an IP in the same exact subnet. It doesn't make any sense on the surface, but under the hood I get it now.

Thanks!

Mike
