
ACE 4710 Pls need help

3225925
Level 1

Hi,


Please can you help me find out where my error is in the below:

I have an ACE 4710. I also have 2 Bluecoat Proxy SG working in proxy mode. I want the ACE to be the load balancer for these 2 Proxy SG. I configured the ACE as below and put the vip-address in the Internet Explorer LAN settings, but it did not work. I also configured policy-based routing on the core switch (for any http or https traffic going through the core, apply set ip next-hop vip-address).

Core SW SVI:

interface Vlan56

description BC Proxy

ip address 10.0.1.33 255.255.255.224

interface Vlan57

description ACE-LB-Alias

ip address 10.0.1.65 255.255.255.224

ACE 4710:

hostname VSS-ACE-BC-01

interface gigabitEthernet 1/1

  description Management

  speed 1000M

  duplex FULL

  switchport access vlan 101

  no shutdown

interface gigabitEthernet 1/2

  description User Side

  speed 1000M

  duplex FULL

  switchport access vlan 56

  no shutdown

interface gigabitEthernet 1/3

  description BC Proxy Side

  speed 1000M

  duplex FULL

  switchport access vlan 57

  no shutdown

interface gigabitEthernet 1/4

  description Failover

  speed 1000M

  duplex FULL

  ft-port vlan 900

  no shutdown

context Admin

  member sticky

access-list external line 10 extended permit ip any any

access-list external line 20 extended permit icmp any any

access-list external line 30 extended permit tcp any any

access-list external line 40 extended permit udp any any

access-list internal line 10 extended permit ip any any

access-list internal line 20 extended permit icmp any any

access-list internal line 30 extended permit tcp any any

access-list internal line 40 extended permit udp any any

probe tcp web443

  port 443

  interval 30

  faildetect 1

  passdetect interval 30

  passdetect count 1

  open 1

probe tcp web8080

  port 8080

  interval 30

  faildetect 1

  passdetect interval 30

  passdetect count 1

  open 1

rserver host BC01

  ip address 10.0.1.41

  inservice

rserver host BC02

  ip address 10.0.1.42

  inservice

serverfarm host web443

  probe web443

  rserver BC01

    inservice

  rserver BC02

    inservice

serverfarm host web8080

  probe web8080

  rserver BC01

    inservice

  rserver BC02

    inservice

sticky ip-netmask 255.255.255.255 address source group1

  replicate sticky

  serverfarm web8080

sticky ip-netmask 255.255.255.255 address source group2

  replicate sticky

  serverfarm web443

class-map type management match-any REMOTE_ACCESS

  2 match protocol telnet any

  3 match protocol ssh any

  4 match protocol icmp any

  5 match protocol http any

  6 match protocol snmp any

class-map match-all external-web

  2 match virtual-address 10.0.1.70 any

class-map match-all external-web443

  2 match virtual-address 10.0.1.70 any

class-map match-any nat-class

  2 match access-list external

policy-map type management first-match REMOTE_MGMT

  class REMOTE_ACCESS

    permit

policy-map type loadbalance http first-match slb

  class class-default

    sticky-serverfarm group1

policy-map type loadbalance http first-match slb443

  class class-default

    sticky-serverfarm group2

policy-map multi-match external-access

  class nat-class

    nat dynamic 1 vlan 57

  class external-web

    loadbalance vip inservice

    loadbalance policy slb

  class external-web443

    loadbalance vip inservice

    loadbalance policy slb443

timeout xlate 120

interface vlan 56

  description Server-Side

  ip address 10.0.1.43 255.255.255.224

  ip verify reverse-path

  alias 10.0.1.40 255.255.255.224

  peer ip address 10.0.1.44 255.255.255.224

  mac-address autogenerate

  access-group input internal

  service-policy input REMOTE_MGMT

  no shutdown

interface vlan 57

  description VIP-Interface

  ip address 10.0.1.67 255.255.255.224

  alias 10.0.1.66 255.255.255.224

  peer ip address 10.0.1.68 255.255.255.224

  mac-address autogenerate

  access-group input external

  service-policy input external-access

  service-policy input REMOTE_MGMT

  no shutdown

interface vlan 101

  description Management

  ip address 10.220.1.131 255.255.255.0

  alias 10.220.1.133 255.255.255.0

  peer ip address 10.220.1.132 255.255.255.0

  mac-address autogenerate

  service-policy input REMOTE_MGMT

  no shutdown

ft interface vlan 900

  ip address 172.20.100.1 255.255.255.252

  peer ip address 172.20.100.2 255.255.255.252

  no shutdown

ft peer 1

  heartbeat interval 300

  heartbeat count 20

  ft-interface vlan 900

ft group 1

  peer 1

  priority 200

  peer priority 150

  associate-context Admin

  inservice

ip route 0.0.0.0 0.0.0.0 10.0.1.65


ajayku2
Cisco Employee

I see that you used:

  nat dynamic 1 vlan 57

Where is the NAT pool on VLAN 57?

Maybe you can try to assign that, and that should help.

Something like below:

interface vlan 57

  nat-pool 1 10.0.1.93 10.0.1.93 netmask 255.255.255.224 pat

regards,

Ajay Kumar
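
The check made by eye in the reply above, written as an added example (not part of the original thread and not Cisco tooling): a small Python lint that reports every `nat dynamic <id> vlan <n>` with no `nat-pool <id>` defined under `interface vlan <n>`. The function name, the trimmed sample configuration and the reliance on `show running-config` style indentation are assumptions of this example.

```python
import re

# Constructed sample: only the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
policy-map multi-match external-access
  class nat-class
    nat dynamic 1 vlan 57
interface vlan 56
  ip address 10.0.1.43 255.255.255.224
interface vlan 57
  ip address 10.0.1.67 255.255.255.224
  service-policy input external-access
"""

# The line suggested in the reply; appended, it lands under interface vlan 57.
SUGGESTED_POOL = "  nat-pool 1 10.0.1.93 10.0.1.93 netmask 255.255.255.224 pat\n"

NAT_DYNAMIC = re.compile(r"nat\s+dynamic\s+(\d+)\s+vlan\s+(\d+)", re.I)
NAT_POOL = re.compile(r"nat-pool\s+(\d+)\s", re.I)
VLAN_IF = re.compile(r"interface\s+vlan\s*(\d+)", re.I)


def missing_nat_pools(config):
    """Return sorted (pool_id, vlan) pairs referenced by 'nat dynamic'
    that have no matching 'nat-pool' under that VLAN interface."""
    referenced, defined = set(), set()
    current_vlan = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # An unindented line opens a new top-level stanza.
            m = VLAN_IF.fullmatch(line)
            current_vlan = int(m.group(1)) if m else None
            continue
        m = NAT_DYNAMIC.fullmatch(line)
        if m:
            referenced.add((int(m.group(1)), int(m.group(2))))
            continue
        m = NAT_POOL.match(line)
        if m and current_vlan is not None:
            defined.add((int(m.group(1)), current_vlan))
    return sorted(referenced - defined)


if __name__ == "__main__":
    print("as posted:     ", missing_nat_pools(SAMPLE_CONFIG))
    print("with nat-pool: ", missing_nat_pools(SAMPLE_CONFIG + SUGGESTED_POOL))
```
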
