I set this up in the lab and I can't get the EE peers to connect. EE uses UDP 12000-12005. The initial XID exchange uses UDP 12000. Connecting from the EE client to the vip, you can see that the ACE NATs the dest-ip towards the rserver; it also takes a source port from the ephemeral range. Client is 22.214.171.124, vip 126.96.36.199, rserver 188.8.131.52. Note that the EE server responds to port 12000 (not 28192).
cdn-ace-1/mwinnett# cap msw start
17:17:31.733579 0:13:60:30:fe:89 0:b:fc:fe:1b:cc 0800 45: 184.108.40.206.12000 > 220.127.116.11.12000: [udp sum ok] udp 3 [tos 0xc0] (ttl 254, id 43876, len 31)
17:17:31.733751 0:b:fc:fe:1b:cc 0:13:60:30:fe:89 0800 45: 18.104.22.168.28192 > 22.214.171.124.12000: [bad udp cksum c191!] udp 3 [tos 0xc0] (ttl 254, id 43876, len 31, bad cksum bcd!)
17:17:31.736979 0:13:60:30:fe:89 0:b:fc:fe:1b:cc 0800 45: 126.96.36.199.12000 > 188.8.131.52.12000: [udp sum ok] udp 3 [tos 0xc0] (ttl 254, id 1815, len 31)
17:17:31.737134 0:b:fc:fe:1b:cc 0:13:60:30:fe:89 0800 45: 184.108.40.206.12000 > 220.127.116.11.12000: [udp sum ok] udp 3 [tos 0xc0] (ttl 254, id 1815, len 31)
However, when I check back at the EE client, you can see that the source IP address is not natted.
Nothing really magic here. I use Cisco snasw routers as client and server and the issues that I encountered relating to port usage are probably specific to how we implement EE. Bearing in mind that the basis of our Snasw implementation is the same as that used by the MS Sna server, it's likely that any other implementation will have the same issues.
If you want to share more details of what you are trying to achieve, maybe I can help further.
access-list anyany line 10 extended permit ip any any
probe icmp ping-test
  passdetect interval 20
  passdetect count 2
rserver host dymock
  ip address 18.104.22.168
rserver host kilcot
  ip address 22.214.171.124
serverfarm host snas-serverfarm
class-map type management match-any remote-mgmt
  10 match protocol ssh any
  20 match protocol telnet any
  30 match protocol icmp any
  40 match protocol http any
  50 match protocol https any
class-map match-all snasw-class
  10 match virtual-address 126.96.36.199 any
policy-map type management first-match remote-access
policy-map type loadbalance first-match round-robin-snasw
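Added example, not part of the original thread: a small Python check that reads tcpdump-style capture lines like the ones above and reports replies a real server sends to a client port other than the translated source port the load balancer used toward it (the 12000 versus 28192 symptom). The sample capture is constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Matches the "src.sport > dst.dport:" part of a tcpdump-style capture line.
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed sample capture (documentation addresses, not the thread's values):
# client 192.0.2.10, vip 198.51.100.5, rserver 203.0.113.20.
SAMPLE = """\
17:17:31.733579 0:13:60:30:fe:89 0:b:fc:fe:1b:cc 0800 45: 192.0.2.10.12000 > 198.51.100.5.12000: [udp sum ok] udp 3
17:17:31.733751 0:b:fc:fe:1b:cc 0:13:60:30:fe:89 0800 45: 192.0.2.10.28192 > 203.0.113.20.12000: [udp sum ok] udp 3
17:17:31.736979 0:13:60:30:fe:89 0:b:fc:fe:1b:cc 0800 45: 203.0.113.20.12000 > 192.0.2.10.12000: [udp sum ok] udp 3
"""

def parse_flows(text):
    """Extract (src_ip, src_port, dst_ip, dst_port) from each capture line."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            flows.append((src, int(sport), dst, int(dport)))
    return flows

def find_port_mismatches(flows, rservers):
    """Report rserver replies sent to a port never used as source toward it."""
    translated = {}  # (client, rserver) -> source ports seen toward the rserver
    mismatches = []
    for src, sport, dst, dport in flows:
        if dst in rservers:
            translated.setdefault((src, dst), set()).add(sport)
        elif src in rservers:
            expected = translated.get((dst, src))
            if expected and dport not in expected:
                mismatches.append({
                    "rserver": src,
                    "client": dst,
                    "reply_port": dport,
                    "expected_ports": sorted(expected),
                })
    return mismatches

if __name__ == "__main__":
    for hit in find_port_mismatches(parse_flows(SAMPLE), {"203.0.113.20"}):
        print(hit)
```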