https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764709#M14652 <P>I have been given the task of configuring a Cisco ACE20 initially for SLB. I have configured IOS SLB sucesfully but the ACE appears far more complex. Does anyone have any confgiuration guides with diagrams. The Cisco documentation only gives command guides which I am finding difficult to follow. I have set up a test scenario as follows:</P><P></P><P>Client side vlan 10 - 172.22.152.0 / 21</P><P>Server side vlan 17 - 172.22.244.0 /24</P><P></P><P>Vlan 10 is set up on Sup720 as L2/3</P><P>Vlan 17 is set up on Sup720 as L2 only</P><P></P><P>PC with IIS running with IP address 172.22.244.101</P><P></P><P>VIP address 172.22.152.6</P><P>Rserver address 172.22.244.101</P><P></P><P>Route on ACE 0.0.0.0 0.0.0.0 172.22.152.2</P><P></P><P>I can ping the rserver from ACE OK as I have captured the ICMP traffic with analyser, when I attempt to HTTP to the vserver address I see the traffic hit the ACE but it sends TCP resets. </P><P></P><P>I can provide the full config of the ACE etc if needed.</P><P></P><P>With IOS SLB (without NAT) I used loopback addresses on the real servers from the ACE documentation it appears the VIP address has to be completely unique, does this mean there is no need for loopback interfaces. Also does the VIP address have to be in a different subnet than the clients as mine is not but it is in the same subnet as my client side vlan as was stated in the ACE getting started guide.</P><P></P><P>I am very new to content swithing especially classifying traffic etc, can anyone please help ?</P> Tue, 10 Jul 2007 19:31:31 GMT Dan Smith 2007-07-10T19:31:31Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764709#M14652 <P>I have been given the task of configuring a Cisco ACE20 initially for SLB. I have configured IOS SLB sucesfully but the ACE appears far more complex. Does anyone have any confgiuration guides with diagrams. The Cisco documentation only gives command guides which I am finding difficult to follow. I have set up a test scenario as follows:</P><P></P><P>Client side vlan 10 - 172.22.152.0 / 21</P><P>Server side vlan 17 - 172.22.244.0 /24</P><P></P><P>Vlan 10 is set up on Sup720 as L2/3</P><P>Vlan 17 is set up on Sup720 as L2 only</P><P></P><P>PC with IIS running with IP address 172.22.244.101</P><P></P><P>VIP address 172.22.152.6</P><P>Rserver address 172.22.244.101</P><P></P><P>Route on ACE 0.0.0.0 0.0.0.0 172.22.152.2</P><P></P><P>I can ping the rserver from ACE OK as I have captured the ICMP traffic with analyser, when I attempt to HTTP to the vserver address I see the traffic hit the ACE but it sends TCP resets. </P><P></P><P>I can provide the full config of the ACE etc if needed.</P><P></P><P>With IOS SLB (without NAT) I used loopback addresses on the real servers from the ACE documentation it appears the VIP address has to be completely unique, does this mean there is no need for loopback interfaces. Also does the VIP address have to be in a different subnet than the clients as mine is not but it is in the same subnet as my client side vlan as was stated in the ACE getting started guide.</P><P></P><P>I am very new to content swithing especially classifying traffic etc, can anyone please help ?</P> Tue, 10 Jul 2007 19:31:31 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764709#M14652 Dan Smith 2007-07-10T19:31:31Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764710#M14653 <HTML><HEAD></HEAD><BODY><P>could you please share your config and a 'show service-policy'.</P><P>Will start helping you from there.</P><P></P><P>The vip can be any ip you want.</P><P>You can use it as a loopback on the servers, but we usually do this when the loabalancer forward without nating.</P><P>This is not mandatory.</P><P></P><P>Gilles.</P></BODY></HTML> Wed, 11 Jul 2007 05:30:10 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764710#M14653 Gilles Dufour 2007-07-11T05:30:10Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764711#M14654 <HTML><HEAD></HEAD><BODY><P>Config attached.........</P><P></P><P></P><P> </P><P></P></BODY></HTML> Wed, 11 Jul 2007 07:04:18 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764711#M14654 Dan Smith 2007-07-11T07:04:18Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764712#M14655 <HTML><HEAD></HEAD><BODY><P> curr conns : 0 , hit count : 2</P><P> dropped conns : 2</P><P> client pkt count : 3 , client byte count: 240</P><P> server pkt count : 0 , server byte count: 0</P><P></P><P>Are you sure your servers are responding ?</P><P>can you sniff on the server to see if they receive a SYN and if they respond with a SYN/ACK in the right direction [ACE].</P><P></P><P>The config looks good.</P><P></P><P>Gilles.</P></BODY></HTML> Wed, 11 Jul 2007 09:58:14 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764712#M14655 Gilles Dufour 2007-07-11T09:58:14Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764713#M14656 <HTML><HEAD></HEAD><BODY><P>Giles</P><P></P><P>Capture attached (etherreal).</P><P></P><P>I am the client on 172.21.17.20, the VIP address 172.22.152.6 replies with a RST/ACK. I can see the connection attempt on the ACE:</P><P></P><P>switch/Admin# sh conn</P><P></P><P>total current connections : 6</P><P></P><P>conn-id np dir proto vlan source destination state</P><P>----------+--+---+-----+----+---------------------+---------------------+------+</P><P>4 1 in TCP 10 172.21.17.20:1291 172.22.152.6:80 SYNSEEN</P><P>1 1 out TCP 17 172.22.152.6:80 172.21.17.20:1291 INIT</P><P>3 1 in TCP 10 172.21.17.20:1285 172.22.152.5:23 ESTAB</P><P>5 1 out TCP 10 172.22.152.5:23 172.21.17.20:1285 ESTAB</P><P>4 2 in UDP 17 172.22.244.101:1042 172.28.7.25:161 --</P><P>2 2 out UDP 10 172.28.7.25:161 172.22.244.101:1042 --</P><P>switch/Admin#</P><P></P><P>Do I need a loopback address on the real server. Also I only have one real server set-up at the moment - I didn't think this would matter.</P><P></P><P>Hope this helps....</P><P></P><P>Paul</P><P></P><P> </P><P></P></BODY></HTML> Wed, 11 Jul 2007 11:57:35 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764713#M14656 Dan Smith 2007-07-11T11:57:35Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764714#M14657 <HTML><HEAD></HEAD><BODY><P>remove "transparent" from the server farm</P><P></P><P>serverfarm host WEB-FARM</P><P> description WEB SERVERFARM</P><P> rserver WEB1</P><P> inservice</P><P> rserver WEB2</P><P> inservice</P><P></P><P>Syed Iftekhar Ahmed</P></BODY></HTML> Wed, 11 Jul 2007 20:31:04 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764714#M14657 Syed Iftekhar Ahmed 2007-07-11T20:31:04Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764715#M14658 <HTML><HEAD></HEAD><BODY><P>Thank you very much - That has worked. I read in one of the manuals that this command had to be included.</P><P></P><P>One other question - If server administrators require remote access to the rservers real IP address (like ours do), as the rservers are not part of a L3 network on our intermidiate routers I configured a static route via the ACE client side interface as follows:-</P><P></P><P>ip route 172.22.244.101 255.255.255.255 172.22.152.5</P><P></P><P>Is this best practice or should I be using a different method.</P></BODY></HTML> Thu, 12 Jul 2007 10:03:41 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764715#M14658 Dan Smith 2007-07-12T10:03:41Z https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764716#M14659 <HTML><HEAD></HEAD><BODY><P>You just need to make sure that intermediate routing devices can route traffic to the real and your ACE should allow traffic to the real.</P><P></P><P>Static routes can definitely help.</P><P></P><P>Syed Iftekhar Ahmed</P></BODY></HTML> Thu, 12 Jul 2007 16:41:23 GMT https://community.cisco.com/t5/application-networking/configuring-cisco-ace/m-p/764716#M14659 Syed Iftekhar Ahmed 2007-07-12T16:41:23Z