Cisco Support Community

ACE ONE One Arm Mode

Hi, I need one server to be able to communicate with the VIP of other servers that are in the same subnet. I know that the solution is through NAT, but so far I have had no success.

Can anyone help me?

Desenho3.gif

rserver host REAL1
  ip address 172.16.20.100
  inservice
rserver host REAL2
  ip address 172.16.20.101
  inservice
rserver host FW_SEC_1
  ip address 172.16.20.102
  inservice
rserver host FW_SEC_2
  ip address 172.16.20.103
  inservice

serverfarm SEC_20_SF
  rserver REAL1
    inservice
  rserver REAL2
    inservice
serverfarm SEC_SF
  rserver FW_SEC_1
    inservice
  rserver FW_SEC_2
    inservice

class-map match-any SEC_20_VS
  10 match virtual-address 172.16.10.18 eq https
class-map match-any FW_SEC_VIP
  10 match virtual-address 172.16.10.19 eq http
class-map match-any C-NAT
  10 match source-address 172.16.20.0 255.255.255.0

policy-map multi-match POL_SEC_20
  class SEC_20_VS
    loadbalance vip inservice
    loadbalance policy …
policy-map multi-match POL_SEC_FW
  class FW_SEC_VIP
    loadbalance vip inservice
    loadbalance policy …
policy-map multi-match POL-NAT
  class C-NAT
    nat dynamic 1 vlan 20

interface vlan 10
  ip address 172.16.10.5 255.255.255.0
  alias …
  service-policy input POL_SEC_20
  service-policy input POL_SEC_FW
  no shutdown
interface vlan 20
  ip address 172.16.20.5 255.255.255.0
  alias …
  service-policy input POL-NAT
  nat-pool 1 172.16.10.200 172.16.10.210 netmask 255.255.255.0 pat
  no shutdown

Thank you

Accepted Solutions

Re: ACE ONE One Arm Mode

Hi Green,

You need to add the POL_SEC_20 and POL_SEC_FW policies under interface VLAN 20 as well. Please note that you don't need to remove them from VLAN 10; you just need to add them under VLAN 20 too, in order to ARP for the VIP addresses through that SVI.

interface vlan 20
  ip address 172.16.20.5 255.255.255.0
  alias …
  service-policy input POL-NAT
  service-policy input POL_SEC_20
  service-policy input POL_SEC_FW
  nat-pool 1 172.16.10.200 172.16.10.210 netmask 255.255.255.0 pat
  no shutdown

HTH

Pablo
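The check behind the accepted answer, as an added example that is not part of the original posts: a small Python audit that reports which VIP policies are not attached to an interface where clients of those VIPs live. The function names and the `client_ifaces` argument are assumptions made for this sketch; it only looks at per-interface `service-policy input` lines, and the sample is abridged from the configuration posted in this thread.

```python
# Added example: find VIP policies that are missing on a client-facing VLAN.
TOP_LEVEL = ("rserver", "serverfarm", "class-map", "policy-map", "interface")

def parse_ace(config):
    """Return (vip_classes, policy_classes, iface_policies) from config text."""
    vip_classes, policy_classes, iface_policies = set(), {}, {}
    kind = name = None
    for tok in filter(None, map(str.split, config.splitlines())):
        if tok[0] in TOP_LEVEL:                      # a new stanza starts
            kind = tok[0]
            name = " ".join(tok[1:]) if kind == "interface" else tok[-1]
        elif kind == "class-map" and "virtual-address" in tok:
            vip_classes.add(name)                    # this class matches a VIP
        elif kind == "policy-map" and tok[0] == "class":
            policy_classes.setdefault(name, []).append(tok[1])
        elif kind == "interface" and tok[:2] == ["service-policy", "input"]:
            iface_policies.setdefault(name, []).append(tok[2])
    return vip_classes, policy_classes, iface_policies

def missing_vip_policies(config, client_ifaces):
    """Map each client-facing interface to the VIP policies not attached to it."""
    vip_classes, policy_classes, iface_policies = parse_ace(config)
    vip_policies = sorted(p for p, classes in policy_classes.items()
                          if vip_classes.intersection(classes))
    return {i: [p for p in vip_policies if p not in iface_policies.get(i, [])]
            for i in client_ifaces}

# Constructed sample: abridged from the configuration posted in this thread.
BEFORE = """
class-map match-any SEC_20_VS
  10 match virtual-address 172.16.10.18 eq https
class-map match-any FW_SEC_VIP
  10 match virtual-address 172.16.10.19 eq http
class-map match-any C-NAT
  10 match source-address 172.16.20.0 255.255.255.0
policy-map multi-match POL_SEC_20
  class SEC_20_VS
policy-map multi-match POL_SEC_FW
  class FW_SEC_VIP
policy-map multi-match POL-NAT
  class C-NAT
interface vlan 10
  service-policy input POL_SEC_20
  service-policy input POL_SEC_FW
interface vlan 20
  service-policy input POL-NAT
"""
# The accepted answer's change: attach both VIP policies to vlan 20 as well.
AFTER = BEFORE + "  service-policy input POL_SEC_20\n  service-policy input POL_SEC_FW\n"
```

Calling `missing_vip_policies(BEFORE, ["vlan 10", "vlan 20"])` flags both VIP policies on vlan 20, and the same call on `AFTER` returns empty lists for both interfaces.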


ACE ONE One Arm Mode

Hi Pablo,

Perfect, it’s all functioning.

Thanks for the help.

Regards
