Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
992
Views
4
Helpful
4
Replies

ACE bridged mode

Go to solution
bmcginn
Level 3
Level 3

‎01-03-2013 06:10 PM

Hi All,

I've a quick question about bridged mode in an ACE module.

Is it possible to have the servers on a separate subnet rather than on a directly connected VLAN? 

Due to limitations brought on by physical aspects of the setup (and also security policy), I cannot put the ACE right next to the servers. ACE on a stick isn't feasible due to PBR smashing the CPU of the msfc so I'm thinking the ACE needs to be in bridged mode as we have to keep IP address transparency so the servers can perform policy functions based on client IP address.

I've attached a .jpg illustrating the basic setup.

The pertinent question i guess is:  Can we use the ACE to loadbalance to servers that are NOT on the bridged VLAN subnet and will also quite possibly be on different subnets themselves?

Any suggestions are very much appreciated.

Thanks All!

Brad

Labels:
Preview file
20 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ajayku2
Cisco Employee
Cisco Employee
In response to bmcginn

‎01-07-2013 03:13 AM

Hi Brad,

I dont see that as a feasible option. I cant think of a way to achieve it in Bridge mode.

regards,

Ajay Kumar

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ajayku2
Cisco Employee
Cisco Employee

‎01-03-2013 11:57 PM

Hi Brad,

As long as there is one to one nat on the firewall it should work just fine.

Even though the servers will be one subnet away but the natted IP will act as local IP for the ACE.

For config reference look at the following link :

http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Bridged_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example

hope that helps.

regards,

Ajay Kumar

Go to solution
bmcginn
Level 3
Level 3
In response to ajayku2

‎01-06-2013 03:37 PM

Hello Ajay,

Thanks a lot for the reply, it's very helpful. 

At the moment, there isn't any NATting present in the solution and if I can avoid it I'd like to; I'm not ruling it out though, I would just like to avoid NATting if I can.

Do you know if the server IPs need to be on the local subnet in bridged mode?  ie, can they be on separate subnets altogether (assuming no NAT can take place?).

Thanks again for your help.

Brad

0 Helpful

Go to solution
ajayku2
Cisco Employee
Cisco Employee
In response to bmcginn

‎01-07-2013 03:13 AM

Hi Brad,

I dont see that as a feasible option. I cant think of a way to achieve it in Bridge mode.

regards,

Ajay Kumar

0 Helpful

Go to solution
bmcginn
Level 3
Level 3
In response to ajayku2

‎01-07-2013 07:13 PM

Thanks Ajay.

I appreciate yourr help and time.

Brad

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents