Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE "reverse-sticky"

Hi all,

        II know reverse-sticky command is not support in ACE, is there a equavient comment that i can ensure "reverse-sticky". I'm trying to loadbalance Cisco NAC servers with ACE. The NAC server LB concept should be like FWLB, i need the return traffic from to go throught the same NAC server that the traffic orginates.

Cisco Employee

Re: ACE "reverse-sticky"

The solution is to use predictor hash address souce on the frontend ACE and predictor hash address destination on the backend



New Member

Re: ACE "reverse-sticky"

Hi Gilles,

             Thank you for the reply. Does the solution needs to be in multiple ACE deployment? As i only have 1 ACE available can it be achived in a single ACE deployment?

Cisco Employee

Re: ACE "reverse-sticky"

This can be done in a single ACE.  You could have 2 contexts 1 for frontend and 1 for backend.

A firewall loadbalancing (FWLB) design is always of the type

outside---------- ACE(front) --------------- Firewalls -------------- ACE(back) --------inside

This is to guarantee that packets flow through the same firewall in both direction.

This can be done with 2 physical ACE's or 2 contexts on a single ACE.

Can also be done inside a single context of a single ACE but maybe more difficult - more confusing.