Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
971
Views
5
Helpful
3
Replies

ICMP and Real Servers ACE30

Go to solution
jackwikinski
Level 1
Level 1

‎06-20-2012 06:33 AM

Hi All,

I am encountering the following issue.

I am trying to ping from different contexts the real servers behind the ACE.

I have configured on the interface of the Real Server outbound nat.

I can see on the connection table that the icmp request is received and NAT is performed but I am getting request timed out.

I am succefully able to ping the VIP addresses. I have also tried removing icmp-guard but this didn't help.

My question is if I can somehow not use the outbound nat for icmp, or does someone have another solution to my problem.

The version being used on the ACE is 5.2.1.

Thanks in Advance.

Jack.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tareq Musmar
Cisco Employee
Cisco Employee

‎06-25-2012 02:53 AM 

TAC case was opened:

rserver1 -- ACE context 1 -- FWa - L3 device -- FWb --- ACE context 2 -- rserver2

ping from rserver 1 to rserver 2 was not working 

we noticed that the FWb is sending the request directly to the rserver2 since its subnet is directly conencted to it, and the rserver has it's default GW as ACE context 2.

we configured source NAT on FWb similar to the following and now it works fine.

access-list test extended permit icmp any host rserver2

nat (outsideIF) 123 access-list test outside
global (rserversIF) 123 interface

View solution in original post

0 Helpful
3 Replies 3

Go to solution
vpurbiya
Level 1
Level 1

‎06-22-2012 04:01 AM

Hi Jack

Is this the traffic flow

Client ----- ICMP -----> ACE ----> Server

And you are trying to ping the server from the client directly ?

Can you attach the configuration ?

Thanks

Vikas Purbiya

0 Helpful

Go to solution
ajayku2
Cisco Employee
Cisco Employee

‎06-24-2012 02:25 AM

Question: I am trying to ping from different contexts the real servers behind the ACE.

Answer: Every context in ACE behaves as an individual load balancer. They have their own routing and swithcing decision. If you have configured servers in context ABC and are trying to ping from Context CDE this will not work.

Inter-context communication is not allowed within the ACE. Even if  both context are sharing a common VLAN traffic you need another L3 device to make them communicate. 

Go to solution
Tareq Musmar
Cisco Employee
Cisco Employee

‎06-25-2012 02:53 AM 

TAC case was opened:

rserver1 -- ACE context 1 -- FWa - L3 device -- FWb --- ACE context 2 -- rserver2

ping from rserver 1 to rserver 2 was not working 

we noticed that the FWb is sending the request directly to the rserver2 since its subnet is directly conencted to it, and the rserver has it's default GW as ACE context 2.

we configured source NAT on FWb similar to the following and now it works fine.

access-list test extended permit icmp any host rserver2

nat (outsideIF) 123 access-list test outside
global (rserversIF) 123 interface
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents