Cisco Support Community

New Member

ACE server initiating traffic issue

Hello

I'm trying to establish a session between one of my real servers behind the ACE and some external network without any NAT. According to the documentation, I should only need to configure the correct ACL on both the client and server VLAN and it should work. Unfortunately, although I see hits in the ACL configured in the outside direction for the client VLAN, the traffic is not passing the ACE.

When I configure the capture, I can see traffic only in the server VLAN. There is no traffic in the client VLAN.

Does anybody know what else I should configure?

Thank you in advance

Regards

Lucas

7 REPLIES
Silver

Re: ACE server initiating traffic issue

Hi,

Make sure that the routers in your network know the path to the subnet behind the ACE. You can do this by configuring a static route on your upstream router connected to the ACE, and redistribute this static route in your routing protocol.

The static route on your upstream router should have the alias address (in case of HA) or the physical address of the ACE as next hop.

HTH,

Dario

New Member

Re: ACE server initiating traffic issue

Hello

I did it. Finally I found that the packets were leaving the ACE but I could not see them in the capture. I captured them by using a SPAN port on the ACE client VLAN.

It seems that the ACE does not show the outgoing traffic in the capture. At least in the A2(1.5) version.

Regards

Lukas

New Member

Re: ACE server initiating traffic issue

Are you trying to initiate traffic using the server IP or the VIP IP?

New Member

Re: ACE server initiating traffic issue

The server IP

New Member

Re: ACE server initiating traffic issue

If you are NATting the server IP to the ACE VIP, you may switch to DSR, which allows the servers to source packets using the VIP IP.

New Member

Re: ACE server initiating traffic issue

But if you want the rserver to send traffic without any NAT or using the VIP IP,

make sure you apply your access list to the inbound interfaces and add a static route from the ACE to the next-hop MSFC.

Silver

Re: ACE server initiating traffic issue

Hi,

The capture feature on the ACE only works in the input direction:

The packet capture function enables access-control lists (ACLs) to control which packets are captured by the ACE on the input interface.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/managesw.html#wp1035160

Is your problem resolved now or does this still not work?

If so, what do you see in the capture?

HTH,

Dario
