Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
1
Replies

ACE 4710 - Server-initiated source NAT not working

jdaby
Level 1
Level 1

‎10-13-2016 07:54 AM

Hi,

I have a working setup using ACE 4710 where client connections to a VIP located in client VLAN (VLAN 921) are successfully load-balancing to servers in a back-end VLAN (VLAN 804).

I have a requirement for server-initiated connections in server VLAN 804 to also connect to the VIP address.

Source-NAT has been configured, through configuration of an additional class-map in the multi-match policy. The class-map has been configured to match the server IP address that will originate the connection and perform Source-NAT to the address as defined in the NAT-pool statement. 

This seems to partly work as the ACE sees the initial server request and forwards it onwards to the real server. However return traffic from the real server is not going back via the ACE.

This suggests that the Source-NAT isn't working as intended.

I've attached the relevant parts of the ACE configuration along with output showing the connection state for a working TCP connection from client and a non-working connection from the server.

Would appreciate if someone can take a look at the configuration and let me know what's wrong?

Thanks

           

Labels:
Preview file
2 KB
0 Helpful
1 Reply 1

Wade Patterson
Cisco Employee
Cisco Employee

‎01-03-2017 06:35 AM

To clarify,  you're trying to load balance connections within VLAN 804 correct?

EDIT:  Just saw the date posted on this.  LMK if this is now a non-issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents