Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
1
Replies

Connecting to VIP on ACE not working.

dtochilovsky
Level 1
Level 1

‎04-23-2008 09:34 AM

Hello All,I am having trouble connecting to the VIP I created on the ACE module running on the 6509 chassis.

The connection to the VIP seems to be working as it passes traffic on to the LB server but the return traffic is not getting back.

The architecture of the environment is the following:

MSFC -> FWSM (routed mode) -> ACE (bridged mode)

I have defined the L2 VLAN's on the MSFC, L3 VLAN's are on the FWSM, and set up the ACE in bridged mode with bvi's tying the client access and server access VLAN's.

I can directly connect to the LB servers by using their real IP addresses. But telneting to the VIP does not work.

I am using Windows RDP as the protocol to test, since these servers are windows based.

Would appreciate some assistance in getting this problem resolved.

Thank you.

Dmitry

Below is the stats from the connections and the service-policy statistics and I am attaching the configs of the ACE:

-----------------------------------------

adr-msfc-ace/dmz# sh service-policy EPAY_STAGE_MAP | b TEST

class: TEST-VIP

loadbalance:

L7 loadbalance policy: TEST-POLICY

VIP Route Metric : 77

VIP Route Advertise : DISABLED

VIP ICMP Reply : ENABLED-WHEN-ACTIVE

VIP State: INSERVICE

curr conns : 1 , hit count : 1

dropped conns : 0

client pkt count : 0 , client byte count: 0

server pkt count : 0 , server byte count: 0

adr-msfc-ace/dmz# sh conn detail

total current connections : 2

conn-id np dir proto vlan source destination state

----------+--+---+-----+----+---------------------+---------------------+------+

9 1 in TCP 200 192.168.4.6:33469 10.194.0.40:3389 ESTAB

[ idle time : 00:22:31, byte count : 192 ]

[ elapsed time: 00:22:40, packet count: 3 ]

10 1 out TCP 300 10.194.0.61:3389 192.168.4.6:33469 ESTAB

[ conn in reuse pool : FALSE]

[ idle time : 00:22:29, byte count : 144 ]

[ elapsed time: 00:22:40, packet count: 3 ]

Labels:
Preview file
8 KB
Preview file
2 KB
0 Helpful
1 Reply 1

dtochilovsky
Level 1
Level 1

‎04-23-2008 11:58 AM

I got to resolve the problem with the help of a TAC case engineer. He said to use the "mac-sticky enable" command on the ingress L2 VLAN interface of the ACE module, that will force the traffic out of the ACE using that interface.

Once that command was in lace I was able to connect to the VIP.

Hope this helps someone who is seeing hte same problem.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents