Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
954
Views
0
Helpful
4
Replies

One interface configuration for ACE4710

pt_wang
Level 1
Level 1

‎06-16-2012 12:17 AM

My customer they do not want change their real server IPs.

So I need setup one interace (one armed) for them on ACE4710.

Who had this sample configuration? (CSS has this but it seems to be not compitable with ACE)

Labels:
0 Helpful
4 Replies 4

ajayku2
Cisco Employee
Cisco Employee

‎06-16-2012 12:56 AM

Hi,

here it is..

The configuration would be similar to routed mode it is just that you are applying SNAT.

rserver host S1
  ip address 192.168.0.200
  inservice
rserver host S2
  ip address 192.168.0.201
  inservice

serverfarm host SF-1
  rserver S1
    inservice
  rserver S2
    inservice

class-map match-all L4VIPCLASS
  2 match virtual-address 172.16.0.15 tcp eq www

policy-map type loadbalance http first-match WEB_POLICY
  class class-default
    serverfarm SF-1

policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy WEB_POLICY
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic 1 vlan 240

interface vlan 240
  ip address 172.16.0.130 255.255.255.0
  alias 172.16.0.128 255.255.255.0
  peer ip address 172.16.0.131 255.255.255.0
  access-group input any
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input VIPs
  nat-pool 1 192.168.0.254 192.168.0.254 netmask 255.255.255.0 pat



  no shutdown

0 Helpful

pt_wang
Level 1
Level 1
In response to ajayku2

‎06-18-2012 06:19 AM

Thanks.

0 Helpful

Cesar Roque
Level 4
Level 4

‎06-16-2012 02:51 PM

Hi,

Here is a configuration example of HTTP & HTTPS loadbalance in One-Armed Mode:

access-list Allow_Access line 10 extended permit ip any any

rserver host test

  ip address 10.198.16.98

  inservice

rserver host test2

  ip address 10.198.16.93

  inservice

serverfarm host test

  rserver test 80

    inservice

  rserver test2 80

    inservice

ssl-proxy service TEST

  key cert

  cert cert

sticky ip-netmask 255.255.255.255 address source group1

  timeout 720

  serverfarm test

sticky http-cookie test group2

  cookie insert

  serverfarm test

class-map type management match-any NSS-ACCESS

  10 match protocol telnet any

  30 match protocol icmp any

  40 match protocol http any

  50 match protocol https any

class-map match-all VIP

  2 match virtual-address 10.198.16.122 tcp eq www

class-map match-all VIPSSL

  2 match virtual-address 10.198.16.122 tcp eq https

policy-map type management first-match NSS_MGMT

  class NSS-ACCESS

    permit

  class class-default

    permit

policy-map type loadbalance first-match test

  class class-default

    sticky-serverfarm group1

policy-map multi-match clients

  class VIP

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

  class VIPSSL

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

    ssl-proxy server TEST

interface vlan 112

  ip address 10.198.16.91 255.255.255.192

  access-group input Allow_Access

  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

  service-policy input NSS_MGMT

  service-policy input clients

  no shutdown

ip route 0.0.0.0 0.0.0.0 10.198.16.65

--------------------- Cesar R ANS Team
0 Helpful

pt_wang
Level 1
Level 1
In response to Cesar Roque

‎06-18-2012 06:19 AM

Thanks.

0 Helpful
Customers Also Viewed These Support Documents