Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

group on css

hello ,

is there an equivalent to group command on ace  to migrate :

group group_name

active

add destination service service_name1

add destination service service_name2

add destination service service_name3

Thanx for your support;

Everyone's tags (1)
3 REPLIES

group on css

Hi,

ACE uses nat to accomplish that.

Here you have a sample:

access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any

rserver host lnx1
  ip address 192.168.1.11
  inservice
rserver host lnx2
  ip address 192.168.1.12
  inservice
rserver host lnx3
  ip address 192.168.1.13
  inservice
rserver host lnx4
  ip address 192.168.1.14
  inservice
rserver host lnx5
  ip address 192.168.1.15
  inservice

serverfarm host web
  rserver lnx1
    inservice
  rserver lnx2
    inservice
  rserver lnx3
    inservice
  rserver lnx4
    inservice
  rserver lnx5
    inservice

class-map match-all slb-vip
  2 match virtual-address 172.16.5.100 any

policy-map type management first-match remote-access
  class class-default
    permit

policy-map type loadbalance first-match slb
  class class-default
    serverfarm web

policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb
    nat dynamic 5 vlan 50  ----> nat process

interface vlan 50
  description "Client-Server VLAN"
  ip address 172.16.5.5 255.255.255.0
  access-group input everyone
  service-policy input client-vips
  service-policy input remote-access
  nat-pool 5 172.16.5.200 172.16.5.209 netmask 255.255.255.0 pat --> natpool definition
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.5.1

Here you have a link with additional details about it:

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_Network_Address_Translation#NAT_Configuration_Guidelines_and_Restrictions

Jorge

New Member

group on css

hello ,

ok it's just the same as configure SNat for client/servers hitting the same vip

am I right ?

group on css

Hi,

Yes, in that case you use the VIP

Jorge

322
Views
0
Helpful
3
Replies