I am migrating from a CSS environment to an ACE module in a 6513. I have an ACE context between VLAN29 and VLAN30 that is a DMZ. VLAN29 faces the firewalls and VLAN30 the real servers. I can access the servers with a serverfarm and a "vip". I need to access the servers' real addresses directly for management, and some of them need direct access to internal resources.
You just need an appropriate access-list on the ACE to access the real servers behind the ACE, and a corresponding inbound access-group allowing the session on the interface where the request is received.
Along with this, routes on the upstream router are required to point to the ACE as next-hop to reach the networks where the real servers reside.
For real-server-initiated connections, you again need an ACL and an inbound access group on the server-side interface. For return traffic, you can either NAT these connections or define routes on upstream routers to point to the ACE as next-hop to reach the networks where the real servers reside.
Wireshark captures show packets with the same IPs but MACs reversing until the TTL expires. It looks like traffic in 192.168.30.0/24 is forwarded to the default route instead of out the vlan30 interface. Wireshark on vlan30 never sees it.
It is redundant, I put that in before the default, and never took it out.
I found the problem.
I had a load balance config for the firewalls and had applied it to both interfaces. It only needs to be on the vlan30 interface. I think I copied this from the example in the manual. I see now, it's not a good idea.
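The pieces discussed in this thread, put together as an added configuration sketch that none of the posters supplied. VLAN 29, VLAN 30 and 192.168.30.0/24 come from the thread; every ACL and policy name, the management and internal networks, the VIP, and the ACE address on VLAN 29 are constructed placeholders. Lines beginning with `!` are annotations, not ACE commands.

```cisco
! --- ACE context -------------------------------------------------------
! Firewall-facing side (VLAN 29): permit only the management protocols
! needed toward the real server addresses, plus the existing VIP traffic.
! 10.10.10.0/24 (management stations) and 192.168.29.100 (VIP) are assumed.
access-list FROM-FW line 10 extended permit tcp 10.10.10.0 255.255.255.0 192.168.30.0 255.255.255.0 eq 22
access-list FROM-FW line 20 extended permit tcp 10.10.10.0 255.255.255.0 192.168.30.0 255.255.255.0 eq 3389
access-list FROM-FW line 30 extended permit tcp any host 192.168.29.100 eq 443

! Server-facing side (VLAN 30): permit server-initiated sessions to the
! specific internal resources they need. 10.20.0.0/16 is assumed.
access-list FROM-REALS line 10 extended permit tcp 192.168.30.0 255.255.255.0 10.20.0.0 255.255.0.0 eq 1433

interface vlan 29
  ! Inbound ACL on the interface where management requests arrive.
  access-group input FROM-FW
  ! Hypothetical policy name for the server VIP; no firewall
  ! load-balancing policy is bound on this interface.
  service-policy input SERVER-VIP-POLICY
  no shutdown

interface vlan 30
  ! Inbound ACL for connections the real servers originate.
  access-group input FROM-REALS
  ! Hypothetical policy name for firewall load balancing, bound on
  ! VLAN 30 only, as in the resolution reported above.
  service-policy input FW-LB-POLICY
  no shutdown

! --- Upstream router / firewall (IOS syntax) ---------------------------
! Return path for direct access: reach the real server subnet through
! the ACE. 192.168.29.2 is an assumed ACE address on VLAN 29.
! ip route 192.168.30.0 255.255.255.0 192.168.29.2
```

`show service-policy` and `show access-list` in the context confirm which policy is bound to which interface and whether the ACL entries are taking hits.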