ACE module Bridge mode issue

ehdf_infra, Level 1

Hi All,

I am trying to configure one of the contexts in an ACE module in bridged mode. The generic issue I am facing is that servers are not able to reach the gateways.

SRV -> ACE in bridge mode -> FW -> OUTSIDE USERS

The default gateway on the server is the firewall IP, whereas outside users' connections will hit the firewall and go to the load balancer in order to reach the server and do the load balancing.

I have a couple of BVI groups (since I have 5 sets of services), and thus I use the "mac-sticky enable" feature on each client VLAN associated with the respective server VLAN.

None of my serverfarm servers are able to reach the gateways (ping), but from the firewall I am able to ping the servers. But when a user outside is trying to initiate traffic it is not getting through, even though it hits the service policy.

Any help is highly appreciated.

My config is attached herewith.


4 Replies

rvavale, Cisco Employee (accepted solution)

Hi,

Can you try configuring 'access-group input PERMIT-ANY' on interface vlan 106? By default, ACE will deny all incoming traffic on an interface unless you specify a permit ACL.

Hope this helps,

Best Regards,

Rahul

Hi Rahul,

Yes, it worked after putting the access-list.

Many thanks,

Parvees (EHDF_INFRA)

Dears,

I have the following problem; could anyone please help me, because I am in a hurry.

I have a Cisco ACE device configured in bridging mode.

Lately we had a migration between two server farms, and the server admin asked me to grant access from the physical servers on the old server farm to the virtual IP of the other server farm:

Let's say that we have SF1 and SF2.

The VIP of SF1 is 192.168.100.10

with 2 rservers: 192.168.100.1 and 192.168.100.2

and the VIP of SF2 is 192.168.100.20

with 2 rservers: 192.168.100.3 and 192.168.100.4.

The admins ask me to grant access from the servers on SF1 (192.168.100.1 and 192.168.100.2) to the VIP of SF2 (192.168.100.20). Nothing is denying this access, it is from the same subnet, but it's not working.

Please help me solve this problem?

Simon Chow, Cisco Employee (accepted solution)

VLAN 106 is missing "access-group input PERMIT-ANY"; adding this fixed the ping problem from the servers.

The reason for adding the access-list on the server-side interface is that the server's ping first comes into the ACE via the server-side VLAN, hence requiring an access-list entry on the server VLAN to allow it.
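The two accepted answers come down to one rule: in an ACE context every VLAN interface, bridged or routed, drops inbound traffic until an input access-group is applied, and in bridged mode that includes the server-side member VLAN, not just the client side. Below is an added example (not from the thread or from Cisco) that encodes that check: it parses a constructed ACE-style context config modelled on the post (client VLAN 105 and server VLAN 106 joined by BVI 1, with VLAN 106 lacking the access-group), reports which VLAN interfaces have no input ACL, and emits the corrected config. The interface numbers, ACL name LB-POLICY and BVI address are assumptions for the example.

```python
"""Audit an ACE-style context config for VLAN interfaces that carry no
'access-group input', which ACE treats as deny-all inbound.
Added example, not the thread's attached config; the text below is constructed."""
import re
from typing import Dict, List

# Constructed config modelled on the thread: VLAN 105 faces the firewall,
# VLAN 106 faces the servers, both are members of BVI 1.  VLAN 106 has no
# access-group, which is exactly the defect the accepted answers point at.
BROKEN_CONFIG = """\
access-list PERMIT-ANY line 10 extended permit ip any any

interface vlan 105
  description client side (towards firewall)
  bridge-group 1
  mac-sticky enable
  access-group input PERMIT-ANY
  service-policy input LB-POLICY
  no shutdown

interface vlan 106
  description server side
  bridge-group 1
  no shutdown

interface bvi 1
  ip address 192.168.100.5 255.255.255.0
  no shutdown
"""

_IFACE_RE = re.compile(r"interface\s+(\S+\s+\S+)")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each 'interface <type> <id>' block to its indented sub-commands."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):  # top-level command ends any block
            m = _IFACE_RE.match(line)
            current = m.group(1) if m else None
            if current:
                interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line.strip())
    return interfaces


def interfaces_without_input_acl(config: str) -> List[str]:
    """VLAN interfaces with no 'access-group input ...' line.
    BVI interfaces are skipped: in bridged mode the ACL belongs on the
    member VLAN interfaces, not on the BVI."""
    return [
        name
        for name, cmds in parse_interfaces(config).items()
        if name.startswith("vlan ")
        and not any(c.startswith("access-group input ") for c in cmds)
    ]


def add_input_acl(config: str, acl: str = "PERMIT-ANY") -> str:
    """Return the config with 'access-group input <acl>' appended to every
    VLAN interface that lacks one (inserted at the end of the block, before
    any blank lines that separate it from the next block)."""
    missing = set(interfaces_without_input_acl(config))
    out: List[str] = []
    current = None

    def close_block() -> None:
        if current in missing:
            i = len(out)
            while i > 0 and out[i - 1] == "":
                i -= 1
            out.insert(i, f"  access-group input {acl}")
            missing.discard(current)

    for line in config.splitlines():
        if line and not line.startswith(" "):
            close_block()
            m = _IFACE_RE.match(line)
            current = m.group(1) if m else None
        out.append(line)
    close_block()
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("VLAN interfaces dropping all inbound traffic:",
          interfaces_without_input_acl(BROKEN_CONFIG))
    print(add_input_acl(BROKEN_CONFIG))
```

Run as-is it reports `['vlan 106']` and prints the corrected context. The `acl` argument lets you apply something narrower than PERMIT-ANY on the server VLAN once you know which flows the servers actually need (for example only their gateway and the VIPs); the name you pass must already be defined with `access-list` in the context.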
