Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
583
Views
0
Helpful
3
Replies

ACE- From one real server to another VIP

sudheer
Level 1
Level 1

‎05-18-2011 11:14 PM

Hi,

I have a problem with ACE;

We have multiple serverfarms configured in the ACE module based on the application and different VIPs related to it. We are running the ACE in bridging mode. Now the requirement is from one serverfarm real server wants communicate to the VIP of the second serverfarm...Is this possible..???? Wil some NATing help in this situation. Below is the configuration.

======================

access-list LAN_Traffic remark For all IP Traffic

access-list LAN_Traffic line 10 extended permit ip any any

access-list LAN_Traffic line 20 extended permit icmp any any

!

probe http PORTAL_HTTP

  passdetect interval 20

  passdetect count 2

  request method get url http://portal

  expect status 0 600

!

probe http RMS_HTTP

  request method get url /_wmcs

  expect status 0 600

!

rserver host PORTAL1

  ip address 172.22.11.241

  inservice

rserver host PORTAL2

  ip address 172.22.11.243

rserver host QGLRSPW1

  inservice

rserver host RMS01

  ip address 172.22.10.12

  inservice

rserver host RMS02

  ip address 172.22.10.8

  inservice

!

serverfarm host PORTAL

  failaction purge

  probe PORTAL_HTTP

  rserver PORTAL1

    inservice

  rserver PORTAL2

    inservice

!

serverfarm host RMS

  failaction purge

  probe RMS_HTTP

  rserver RMS01

    inservice

  rserver RMS02

    inservice

!

class-map match-any PORTAL

  2 match virtual-address 172.22.10.166 tcp any

class-map match-any RMS

  2 match virtual-address 172.22.10.52 tcp eq www

  3 match virtual-address 172.22.10.52 tcp eq https

policy-map type loadbalance first-match RMS-POLICY

  class class-default

    serverfarm RMS

policy-map type loadbalance first-match PORTAL-POLICY

  class class-default

    serverfarm PORTAL

policy-map multi-match SFARM-LB-POLICY

  class RMS

    loadbalance vip inservice

    loadbalance policy RMS-POLICY

    loadbalance vip icmp-reply active

class PORTAL

    loadbalance vip inservice

    loadbalance policy PORTAL-POLICY

    loadbalance vip icmp-reply active

interface vlan 800

  description ACE Client Interface

  bridge-group 1

  mac-sticky enable

  service-policy input SFARM-LB-POLICY

  no shutdown

interface vlan 898

  description ACE Server Interface

  bridge-group 1

  mac-sticky enable

  no shutdown

interface bvi 1

  ip address 172.22.11.151 255.255.252.0

  alias 172.22.11.153 255.255.252.0

  peer ip address 172.22.11.152 255.255.252.0

  description Bridge Group for 800 and 898 Interfaces

  no shutdown

ip route 0.0.0.0 0.0.0.0 172.22.8.17

===================================

Pleae help..Thanks in advance

Labels:
0 Helpful
3 Replies 3

Marko Leopold
Level 1
Level 1

‎05-19-2011 02:38 AM

Hello!

Well yes it would work. BUT...you have to change your config a bit. First you need to apply your accesslist to both interfaces, or the ACE will reject it, because it is acting as a firewall by default. And second you have to apply the policymap to both interfaces as well or you put the policymap globally on the ACE.

0 Helpful

sudheer
Level 1
Level 1
In response to Marko Leopold

‎05-19-2011 02:42 AM

Hello,

Thanks for you reply..Could you Pls help me by sending the sample configs if you have..

Rgds

Sudheer

0 Helpful

Marko Leopold
Level 1
Level 1
In response to sudheer

‎05-19-2011 03:12 AM

hey, where is the fun in learning something? how do you think the config should look like?

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card