Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ACE behinf a firewall

Hello,

I am facing the follwoing problem,

we have configured a cisco ace 4710 with VIP to load balance between two servers,

this cisco ace is placed behind a cisco asa firewall ( with failover ) and the firewall is passthrough ( passing all traffic),

when the clients requesting the VIP from the external network of the firewall they cannot reach the VIP,

but when clients connect from the inside network of the firewall they can reach the VIP,

we made a test by placing the ACE in the external network and load balance the two servers inside the firewall and in this case the clients was able to access the VIP and requesting the two servers ,

looking for your support,

1 REPLY
Cisco Employee

Cisco ACE behinf a firewall

Hi,

As i understand the non-working condition is: client--->FW----->(vip)ACE----->servers.

During the problem did you know if client traffic was reaching the ACE VIP? Could it be FW blocking the traffic or sending it somewhere else(wrong routes etc). Did you see "sh conn" output on ACE see if you got one leg of the connection atleast?

Did you see any failure counters on "show service-policy ".

If you have ruled FW problem then taking a pcap on ACE itself can show what is going on.

Regards,

Kanwal

310
Views
0
Helpful
1
Replies
CreatePlease to create content