Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Connecting to VIP on ACE not working.

Hello All,I am having trouble connecting to the VIP I created on the ACE module running on the 6509 chassis.

The connection to the VIP seems to be working as it passes traffic on to the LB server but the return traffic is not getting back.

The architecture of the environment is the following:

MSFC -> FWSM (routed mode) -> ACE (bridged mode)

I have defined the L2 VLAN's on the MSFC, L3 VLAN's are on the FWSM, and set up the ACE in bridged mode with bvi's tying the client access and server access VLAN's.

I can directly connect to the LB servers by using their real IP addresses. But telneting to the VIP does not work.

I am using Windows RDP as the protocol to test, since these servers are windows based.

Would appreciate some assistance in getting this problem resolved.

Thank you.


Below is the stats from the connections and the service-policy statistics and I am attaching the configs of the ACE:


adr-msfc-ace/dmz# sh service-policy EPAY_STAGE_MAP | b TEST

class: TEST-VIP


L7 loadbalance policy: TEST-POLICY

VIP Route Metric : 77

VIP Route Advertise : DISABLED



curr conns : 1 , hit count : 1

dropped conns : 0

client pkt count : 0 , client byte count: 0

server pkt count : 0 , server byte count: 0

adr-msfc-ace/dmz# sh conn detail

total current connections : 2

conn-id np dir proto vlan source destination state


9 1 in TCP 200 ESTAB

[ idle time : 00:22:31, byte count : 192 ]

[ elapsed time: 00:22:40, packet count: 3 ]

10 1 out TCP 300 ESTAB

[ conn in reuse pool : FALSE]

[ idle time : 00:22:29, byte count : 144 ]

[ elapsed time: 00:22:40, packet count: 3 ]

New Member

Re: Connecting to VIP on ACE not working.

I got to resolve the problem with the help of a TAC case engineer. He said to use the "mac-sticky enable" command on the ingress L2 VLAN interface of the ACE module, that will force the traffic out of the ACE using that interface.

Once that command was in lace I was able to connect to the VIP.

Hope this helps someone who is seeing hte same problem.