Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE - rserver can not access VIP

ACE in bridge mode, VIP is on the same subnet as rservers and other servers. There is no issue for clients from internet to access the VIP. However, the servers on the same subnet of the real server cannot access VIP.

I guess that's because after VLB assign/redirect request the request to a rserver, the return traffic may bypass the VLB. Is it correct? Is there any way to allow the servers behind the VIP to access VIP also?

Thanks!

ST

6 REPLIES
New Member

Re: ACE - rserver can not access VIP

I'm using a CSM with the same scenario and use a pool to NAT the real server source IP.

Hope this help.

Andrea

New Member

Re: ACE - rserver can not access VIP

Hi Andrea, do you have any doc/link referring the NAT solution?

Thanks!

ST

New Member

Re: ACE - rserver can not access VIP

Hi Andrea, do you have any doc/link referring the NAT solution?

Thanks!

ST

New Member

Re: ACE - rserver can not access VIP

I will try the "transparent" cmd on server farm.

Re: ACE - rserver can not access VIP

You simply need to source Nat this traffic.For example if all servers & clients are on vlan 10 (1.1.1.0/24 subnet) then you need following config

rserver host YOURSERVER1

ip address 1.1.1.100

inservice

rserver host YOURSERVER2

ip address 1.1.1.101

inservice

serverfarm host

rserver YOURSERVER1

inservice

rserver YOURSERVER2

inservice

class-map match-all YOURVIP

2 match virtual-address 1.1.1.200 tcp eq www

policy-map type loadbalance first-match YOURPOLICY

class class-default

serverfarm YOURSERVERFARM

nat dynamic 1001 vlan 10 serverfarm primary

policy-map multi-match VLAN10-VIPS

class YOURVIP

loadbalance vip inservice

loadbalance policy YOURPOLICY

loadbalance vip icmp-reply active

interface vlan 10

ip address 1.1.1.1 255.255.255.0

access-group input ANYONE

nat-pool 1001 1.1.1.250 1.1.1.250 netmask 255.255.255.0 pat

service-policy input VLAN10-VIPS

no shutdown

HTH

Syed Iftekhar Ahmed

New Member

Re: ACE - rserver can not access VIP

334
Views
0
Helpful
6
Replies