topic Re: Web server return traffic does not go through ACE in Application Networking https://community.cisco.com/t5/application-networking/web-server-return-traffic-does-not-go-through-ace/m-p/695450#M13239 <HTML><HEAD></HEAD><BODY><P>Are you running ACE in routed/Bridge mode? If you are running it in routed mode then make sure that server side vlan SVI is not configured on MSFC.</P><P></P><P>When you configure a source group in CSS, a CSS provides network address translation (NAT) of source IP addresses and port address translation (PAT) of source ports.</P><P></P><P>This can be achieved in ACE as well</P><P></P><P></P><P>class-map nat</P><P> match source-address any</P><P>!</P><P>policy-map multi-match nat</P><P> class nat</P><P> nat dynamic 1 vlan 100 </P><P>!</P><P>interface vlan 20 &lt;-- Client Vlan</P><P> ip address 10.20.10.1 255.255.255.0</P><P> service-policy input nat </P><P> !</P><P>interface vlan 100 &lt;-- Server Vlan</P><P> ip address 10.10.10.100 255.255.255.0</P><P> nat-pool 1 10.10.10.18 netmask 255.255.255.255 pat </P><P></P><P>With the above config all traffic will be source nated to 10.10.10.18 before hitting the real server. Return traffic from servers will be destined to 10.10.10.18 and as a result will end up to ACE.</P><P></P><P>Hope it helps</P><P>Syed Iftekhar Ahmed</P><P></P></BODY></HTML> Tue, 20 Mar 2007 21:56:20 GMT Syed Iftekhar Ahmed 2007-03-20T21:56:20Z Web server return traffic does not go through ACE https://community.cisco.com/t5/application-networking/web-server-return-traffic-does-not-go-through-ace/m-p/695449#M13238 <P>Hi ,</P><P></P><P>I had configured ACE for my web servers ,</P><P>when i tried to hit VIP of webserver, return traffic directly tries to hit client.</P><P></P><P>Is there any command to instruct ACE (like group in CSS) for same.</P><P></P><P>Thanks</P><P>Aniruddha</P> Tue, 20 Mar 2007 20:51:57 GMT https://community.cisco.com/t5/application-networking/web-server-return-traffic-does-not-go-through-ace/m-p/695449#M13238 ab_parkhi 2007-03-20T20:51:57Z Re: Web server return traffic does not go through ACE https://community.cisco.com/t5/application-networking/web-server-return-traffic-does-not-go-through-ace/m-p/695450#M13239 <HTML><HEAD></HEAD><BODY><P>Are you running ACE in routed/Bridge mode? If you are running it in routed mode then make sure that server side vlan SVI is not configured on MSFC.</P><P></P><P>When you configure a source group in CSS, a CSS provides network address translation (NAT) of source IP addresses and port address translation (PAT) of source ports.</P><P></P><P>This can be achieved in ACE as well</P><P></P><P></P><P>class-map nat</P><P> match source-address any</P><P>!</P><P>policy-map multi-match nat</P><P> class nat</P><P> nat dynamic 1 vlan 100 </P><P>!</P><P>interface vlan 20 &lt;-- Client Vlan</P><P> ip address 10.20.10.1 255.255.255.0</P><P> service-policy input nat </P><P> !</P><P>interface vlan 100 &lt;-- Server Vlan</P><P> ip address 10.10.10.100 255.255.255.0</P><P> nat-pool 1 10.10.10.18 netmask 255.255.255.255 pat </P><P></P><P>With the above config all traffic will be source nated to 10.10.10.18 before hitting the real server. Return traffic from servers will be destined to 10.10.10.18 and as a result will end up to ACE.</P><P></P><P>Hope it helps</P><P>Syed Iftekhar Ahmed</P><P></P></BODY></HTML> Tue, 20 Mar 2007 21:56:20 GMT https://community.cisco.com/t5/application-networking/web-server-return-traffic-does-not-go-through-ace/m-p/695450#M13239 Syed Iftekhar Ahmed 2007-03-20T21:56:20Z