I've one behaviour on ace, than I can not understand...
We've one interface on the ACE which is connected to a firewall via switch.
In the same vlan is a serverfarm.
net e.g. 172.16.10.0/24
the server's gateway is the ACE (172.16.10.1)
the ACE's gateway is the firewall (172.16.10.2)
when a server in another net 172.20.10.0/24 is connecting to 172.16.10.0/24, then the SYN is sent from the firewall directly to the server in net 172.16.10.0/24. because the firewall has an interface directly connected.
the SYN-ACK is sent through the ACE (because servergateway is ACE).
> the ACE is NOT routing this packet back to 172.20.10.0/24 via firewall. routing-table is OK.
in capture on ACE the packet is NOT displayed...
but when the server in 172.16.10.0/24 is initiating the session, the SYN is routed through the ACE and in capture I can see the packet...
can anyone tell me, if the ACE prevents routing without seeing SYN? (anti-spoofing ect...)
In some way ACE works as a statefull proxy. If there is a SYN-ACK from the server, the SYN had to be generated by the ACE itself as an action for the SYN received on the VIP ( proxy between the client and the server(s) ).
You can solve this by setting the Server gateway the firewall , and doing SNAT for the clients. This way the connections that come directly to the server will be back via the firewall , and the connections to the VIP on the ACE will be SNATed, the flow back going to the ACE in his way to the client.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
==================== VIC FNIC driver does not support Virtual Volumes (
second level LUN ID ) An enhancement request has been created to track
this feature - CSCux64473 UPDATE - 12-14-2016 We made some traction on
the enhancement request - The Fix is in t...