I've a quick question about bridged mode in an ACE module.
Is it possible to have the servers on a separate subnet rather than on a directly connected VLAN?
Due to limitations brought on by physical aspects of the setup (and also security policy), I cannot put the ACE right next to the servers. ACE on a stick isn't feasible due to PBR smashing the CPU of the MSFC, so I'm thinking the ACE needs to be in bridged mode, as we have to keep IP address transparency so the servers can perform policy functions based on client IP address.
I've attached a .jpg illustrating the basic setup.
The pertinent question I guess is: can we use the ACE to load balance to servers that are NOT on the bridged VLAN subnet and will also quite possibly be on different subnets themselves?
Any suggestions are very much appreciated.
As long as there is one-to-one NAT on the firewall, it should work just fine.
Even though the servers will be one subnet away, the NATed IP will act as a local IP for the ACE.
For config reference, look at the following link:
Hope that helps.
Thanks a lot for the reply, it's very helpful.
At the moment, there isn't any NATing present in the solution, and if I can avoid it I'd like to; I'm not ruling it out, though. I would just like to avoid NATing if I can.
Do you know if the server IPs need to be on the local subnet in bridged mode? I.e., can they be on separate subnets altogether (assuming no NAT can take place)?
Thanks again for your help.