Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Converting from CSS11501 to ACE 4710 appliance - Need help

I am trying to replicate this environment (see attached) on our new ace appliances but it doesn't like what the css-conversion tool had me do and the only way I can make it work is with transparent mode, no NAT, and the default route being set on my servers to the ACE. This is not a good solution since these servers are accessed by user subnets directly in some cases. What I tried....

(this works, says service is operational)

probe tcp p80_PROBE

interval 15

passdetect interval 5

port 80

rserver host web-s1

inservice

ip address 192.168.1.2

rserver host web-s2

inservice

ip address 192.168.1.3

serverfarm host web

probe p80_PROBE

rserver web-s1 80

inservice

rserver web-s2 80

inservice

class-map match-all web_CLASS

match virtual-address 192.168.100.66 tcp eq 80

policy-map type loadbalance first-match web_POLICY

class class-default

serverfarm web

policy-map multi-match POLICY

class web_CLASS

loadbalance vip inservice

loadbalance vip icmp-reply active

loadbalance policy web_POLICY

nat dynamic 10 vlan 100

interface vlan 100

nat-pool 10 192.168.100.66 netmask 255.255.255.0 pat

service-policy input POLICY

I have also put ACLs allowing everything on all interfaces but that doesn't change anything.

serverfarm details shows failures and no connections when i try to access from my browser

am I messing up how I do NAT? What else may be the issue?

2 REPLIES
New Member

Re: Converting from CSS11501 to ACE 4710 appliance - Need help

Is that an edited config from your ACE? I just don't see an IP address for the interface. You will want the ACL as well or the ACE will deny the connections.

New Member

Re: Converting from CSS11501 to ACE 4710 appliance - Need help

yes it is edited, i assigned an ip address and also added an access-group in and out that permits any any

147
Views
0
Helpful
2
Replies
CreatePlease to create content