ACE bridged mode

Hi All,

I've a quick question about bridged mode in an ACE module.

Is it possible to have the servers on a separate subnet rather than on a directly connected VLAN? 

Due to limitations brought on by physical aspects of the setup (and also security policy), I cannot put the ACE right next to the servers. ACE on a stick isn't feasible due to PBR smashing the CPU of the MSFC, so I'm thinking the ACE needs to be in bridged mode as we have to keep IP address transparency so the servers can perform policy functions based on client IP address.

I've attached a .jpg illustrating the basic setup.

The pertinent question, I guess, is: Can we use the ACE to load balance to servers that are NOT on the bridged VLAN subnet and will also quite possibly be on different subnets themselves?

Any suggestions are very much appreciated.

Thanks All!

Brad

Hi Brad,

As long as there is one-to-one NAT on the firewall, it should work just fine.

Even though the servers will be one subnet away, the NATted IP will act as a local IP for the ACE.

For config reference look at the following link :

http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Bridged_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example

Hope that helps.

regards,

Ajay Kumar

Hello Ajay,

Thanks a lot for the reply, it's very helpful. 

At the moment, there isn't any NATting present in the solution and if I can avoid it I'd like to; I'm not ruling it out though, I would just like to avoid NATting if I can.

Do you know if the server IPs need to be on the local subnet in bridged mode? I.e., can they be on separate subnets altogether (assuming no NAT can take place)?

Thanks again for your help.

Brad

Hi Brad,

I don't see that as a feasible option. I can't think of a way to achieve it in Bridge mode.

regards,

Ajay Kumar

Thanks Ajay.

I appreciate your help and time.

Brad
