Cisco Support Community

Web server return traffic does not go through ACE

Hi,

I had configured ACE for my web servers.

When I tried to hit the VIP of the webserver, return traffic directly tries to hit the client.

Is there any command to instruct ACE (like group in CSS) for the same?




Re: Web server return traffic does not go through ACE

Are you running ACE in routed/bridge mode? If you are running it in routed mode, then make sure that the server-side VLAN SVI is not configured on the MSFC.

When you configure a source group in CSS, a CSS provides network address translation (NAT) of source IP addresses and port address translation (PAT) of source ports.

This can be achieved in ACE as well:

class-map nat
  match source-address any

policy-map multi-match nat
  class nat
    nat dynamic 1 vlan 100

interface vlan 20 <-- Client Vlan
  ip address
  service-policy input nat

interface vlan 100 <-- Server Vlan
  ip address
  nat-pool 1 netmask pat

With the above config, all traffic will be source NATed to before hitting the real server. Return traffic from servers will be destined to and as a result will end up at ACE.

Hope it helps

Syed Iftekhar Ahmed
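
A small consistency check for the wiring described in the reply above, added here as an example and not part of the original post: it confirms that every "nat dynamic <id> vlan <n>" rule has a matching "nat-pool <id>" on "interface vlan <n>" and that its policy map is attached with "service-policy input". The helper name is hypothetical and every address in the sample config is a constructed placeholder, not a value from the thread.

```python
import re

# Constructed sample: addresses are documentation-range placeholders, not from the thread.
SAMPLE = """\
class-map nat
  match source-address any
policy-map multi-match nat
  class nat
    nat dynamic 1 vlan 100
interface vlan 20
  ip address 192.0.2.1 255.255.255.0
  service-policy input nat
interface vlan 100
  ip address 198.51.100.1 255.255.255.0
  nat-pool 1 198.51.100.50 198.51.100.50 netmask 255.255.255.255 pat
"""

HEADER = re.compile(r"^(class-map|policy-map|interface)\b.*?(\S+)$")

def check_source_nat(config):
    """Hypothetical helper: list problems in the dynamic source-NAT wiring."""
    section, pools, rules, applied = None, set(), [], set()
    for line in (raw.strip() for raw in config.splitlines()):
        head = HEADER.match(line)
        if head:                                   # new stanza: remember kind and name
            section = (head.group(1), head.group(2))
        elif section and section[0] == "policy-map":
            m = re.match(r"nat dynamic (\d+) vlan (\d+)$", line)
            if m:                                  # (policy, pool id, server VLAN)
                rules.append((section[1], m.group(1), m.group(2)))
        elif section and section[0] == "interface":
            m = re.match(r"nat-pool (\d+) ", line)
            if m:                                  # pool defined on this VLAN
                pools.add((section[1], m.group(1)))
            m = re.match(r"service-policy input (\S+)$", line)
            if m:                                  # policy attached to an interface
                applied.add(m.group(1))
    problems = []
    if not rules:
        problems.append("no nat dynamic rule found")
    for policy, pool, vlan in rules:
        if (vlan, pool) not in pools:
            problems.append(f"nat dynamic {pool} vlan {vlan}: no nat-pool {pool} on interface vlan {vlan}")
        if policy not in applied:
            problems.append(f"policy-map {policy}: not applied with service-policy input")
    return problems

if __name__ == "__main__":
    print(check_source_nat(SAMPLE) or "source NAT wiring is consistent")
```

Strip inline annotations such as the "<-- Client Vlan" markers before passing a config to the check, since it reads the last token of each stanza header as the stanza name.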
