Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE - Ping to Server-Side interface

Hi Folks,

I have a problem whereby I need to allow my real servers to ping the Server-Side ACE interface. Is this explicitly denied? I have the VIP up and running OK but my server can't ping the Server-Side interface (which is it's gateway).

Thanks in advance,

SteveK.

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: ACE - Ping to Server-Side interface

Your management policy is not configured under server side vlan

Do the following and you are good to go

interface vlan 56

service-policy input REMOTE_MGMT_ALLOW_POLICY

Thanks

Syed Iftekhar Ahmed

New Member

Re: ACE - Ping to Server-Side interface

I think You should apply policy REMOTE_MGMT_ALLOW_POLICY to interface vlan 56 or globally.

Currently it's only applied to vlan 55 which is the client side interface.

If You don't want telnet/ssh access from server side, then You need to prepare another class and policy with only icmp traffic allowed.

5 REPLIES
New Member

Re: ACE - Ping to Server-Side interface

You probably didn't configure management type policy or didn't include icmp traffic there.

Or didn't apply this policy to appropriate interface or globally.

New Member

Re: ACE - Ping to Server-Side interface

Thanks for the response Kuba.

I've attached the config for you - can you see what the cause is?

SteveK.

Re: ACE - Ping to Server-Side interface

Your management policy is not configured under server side vlan

Do the following and you are good to go

interface vlan 56

service-policy input REMOTE_MGMT_ALLOW_POLICY

Thanks

Syed Iftekhar Ahmed

New Member

Re: ACE - Ping to Server-Side interface

I think You should apply policy REMOTE_MGMT_ALLOW_POLICY to interface vlan 56 or globally.

Currently it's only applied to vlan 55 which is the client side interface.

If You don't want telnet/ssh access from server side, then You need to prepare another class and policy with only icmp traffic allowed.

New Member

Re: ACE - Ping to Server-Side interface

Thanks Kuba and Syed,

Your speedy response was most helpful.

Cheers, SteveK.

256
Views
3
Helpful
5
Replies