New Member

ICMP and Real Servers ACE30

Hi All,

I am encountering the following issue.

I am trying to ping from different contexts the real servers behind the ACE.

I have configured on the interface of the Real Server outbound nat.

I can see on the connection table that the icmp request is received and NAT is performed but I am getting request timed out.

I am successfully able to ping the VIP addresses. I have also tried removing icmp-guard but this didn't help.

My question is if I can somehow not use the outbound nat for icmp, or does someone have another solution to my problem.

The version being used on the ACE is 5.2.1.

Thanks in Advance.

Jack.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

ICMP and Real Servers ACE30

TAC case was opened:

rserver1 -- ACE context 1 -- FWa - L3 device -- FWb --- ACE context 2 -- rserver2

ping from rserver 1 to rserver 2 was not working 

We noticed that the FWb is sending the request directly to the rserver2 since its subnet is directly connected to it, and the rserver has its default GW as ACE context 2.

we configured source NAT on FWb similar to the following and now it works fine.

access-list test extended permit icmp any host rserver2

nat (outsideIF) 123 access-list test outside
global (rserversIF) 123 interface
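
Why the source NAT changes the return path, as an added example that is not part of the original post: a Python model of rserver2's routing decision for the echo reply. All addresses are constructed (the thread gives none), and the names below are hypothetical stand-ins for the devices in the diagram above.

```python
import ipaddress

# Constructed addressing (not from the thread): rserver2's subnet is shared
# by FWb's rservers interface and ACE context 2.
SERVER_NET = ipaddress.ip_network("10.2.0.0/24")
FWB_RSERVERS_IF = ipaddress.ip_address("10.2.0.254")  # FWb, rserversIF
ACE_CTX2 = ipaddress.ip_address("10.2.0.1")           # rserver2's default GW
RSERVER1 = ipaddress.ip_address("10.1.0.10")          # behind ACE context 1

# rserver2's routing table: (prefix, next hop); None means on-link delivery.
RSERVER2_ROUTES = [
    (SERVER_NET, None),
    (ipaddress.ip_network("0.0.0.0/0"), ACE_CTX2),
]


def next_hop(routes, dst):
    """Longest-prefix match; returns the device the packet is handed to."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def reply_path(request_src, request_last_hop):
    """Where rserver2 sends the echo reply, and whether that is the same
    device that delivered the request to it."""
    hop = next_hop(RSERVER2_ROUTES, request_src)
    return hop, hop == request_last_hop


def describe(label, src):
    hop, symmetric = reply_path(src, FWB_RSERVERS_IF)
    state = "symmetric" if symmetric else "ASYMMETRIC"
    return f"{label}: request src {src}, reply handed to {hop} -> {state}"


if __name__ == "__main__":
    # Without NAT the reply is addressed to rserver1, which is off-subnet,
    # so it follows the default route to ACE context 2 instead of FWb.
    print(describe("no NAT on FWb ", RSERVER1))
    # With "global (rserversIF) 123 interface" the request carries FWb's own
    # interface address, which is on-link, so the reply goes straight back.
    print(describe("src NAT on FWb", FWB_RSERVERS_IF))
```
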
3 REPLIES
New Member

ICMP and Real Servers ACE30

Hi Jack

Is this the traffic flow?

Client ----- ICMP -----> ACE ----> Server

And you are trying to ping the server from the client directly?

Can you attach the configuration?

Thanks

Vikas Purbiya

Cisco Employee

ICMP and Real Servers ACE30

Question: I am trying to ping from different contexts the real servers behind the ACE.

Answer: Every context in ACE behaves as an individual load balancer. They have their own routing and switching decisions. If you have configured servers in context ABC and are trying to ping from Context CDE this will not work.

Inter-context communication is not allowed within the ACE. Even if both contexts are sharing a common VLAN traffic you need another L3 device to make them communicate.
