your ar using one-arm mode. This meanse you use only 1 VLAN for client and server traffic.
The problem is that traffic passing the CSS should also return via the CSS.
In one-arm mode this is not the case because the default-gateway of your servers is the upstream router and not the CSS.
In other words, you need to force the servers to send the traffic back to the CSS instead of directly to the router.
This can be accomplished by using source NAT. THis way, the server thinks the traffic was sourced by the CSS, sending te response back to the CSS instead of the router.
You need to configure a source group. In your case, it would look something like this:
vip address 10.20.19.X
add destination service http-ora03m
add destination service http-ora04m
vip address 10.20.19.Y
add destination service https-ora03m
add destination service https-ora04m
vip address 10.20.19.Z
add destination service ora03m-7778
add destination service ora04m-7778
The VIP Addresses in the group are the addresses that will be used to replace the original source address. Note that per group the VIP address should be unique, zo replace the 3 letters with 3 different numbers.
Note that by doing this, you will lose the original source IP Address. This means that you will not be able to account the sources that have accessed your database.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...