I have two WAE 574 devices and a CM 274 all running code level 188.8.131.52, The CM is behind a PIX firewall. There is no firewall between the branch and core WAE. The branch device is behind a NAT router. The CM and SSL ASA rea behind a PIX 515 firewall. The branch WAE is running inline mode and the core WAE is using WCCP redirection. Both the CM and SSL ASA are reverse NATted on the PIX firewall. The branch WAE has the primary interface unchecked on the CM and is using the NAT address.
I am getting asymmetric route issues. This is because for some reason the NAT address of the branch WAE sends the SYN which is responded to but the ACK is coming from the unnatted private address. When I turn off directed mode I can see optimisation start for some sessions but not for the SSL
Branch WAE Private 184.108.40.206
Branch WAE Public 220.127.116.11
CM private 192.168.20.9
CM public 240.10.10.20
an 15 2012 11:50:58: %PIX-6-106015: Deny TCP (no connection) from 18.104.22.168/46871 to 240.10.10.20/443 flags PSH ACK on interfe
Although the PIX NATs the CM address, the core WAE is still still seeing it's private address.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...