Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1145
Views
0
Helpful
3
Replies

ACE module inter serverfarm communication ( on VIP)

ehdf_infra
Level 1
Level 1

ā€Ž03-25-2011 09:00 PM

Hello,

ACE running in routed mode , i am trying to access VIP of one serverfarm from another serverfarm

I have two set of servers in two different VLANs both conifugred as ServerVLANs .when the servers in one serverfarm trying to access the VIP of another server farm ( both in the same ACE) . connection is getting dropped. I tried to use the NAT mechanism but still is geting failed.

Earlier ,we used CSM module and it had the feture of "static nat virtual" and we can add the real servers to it , so that i will carry the VIP while going out ( when th traffic is initiated by one server int he serverfarm). I couldnt fine any commands similar to this in ACE other than natting or patting.

Any assistance is highly appreciate.

Configuration is attached herewith.

Labels:
83965-ACE-ROUTED.txt.zip
0 Helpful
3 Replies 3

ciscocsoc
Level 4
Level 4

ā€Ž03-26-2011 01:26 AM

Hi,

You need to put a NAT-Pool on VLAN 460 and reference that in the policy-map.  Remember traffic is coming from the servers so you need to ensure that the traffic passes back through the ACE.

interface vlan 460
  description TRIMEX-TMG-SERVERFARM
  ip address 10.156.19.3 255.255.255.224
  alias 10.156.19.1 255.255.255.224
  peer ip address 10.156.19.2 255.255.255.224

  nat pool 1 10.156.19.xxx 10.156.19.xxx netmask 255.255.255.224 pat   <-   Added NAT Pool
  access-group input PERMIT-ANY
  no shutdown

policy-map multi-match NAT-POLICY
  class REALS
    nat dynamic 1 vlan 460   <-- Changed VLAN number

HTH

Cathy

0 Helpful

ehdf_infra
Level 1
Level 1
In response to ciscocsoc

ā€Ž03-28-2011 03:37 AM

Hi Cathy,

Issue has been solved.

natting wasnt required for this case

i have created an L3 policy to match VLAN 453 's VIP  and attached to VLAN 460 as service policy input.

it worked fine.

Cheers!!

0 Helpful

emoisak
Level 1
Level 1
In response to ehdf_infra

ā€Ž01-29-2013 06:15 AM

Hello ehdf_infra,

currently I'm solving exactly the same problem you've described in your post.

To be honest I'm not sure I understood the way you've solved the problem.

Could you please describe the configuration you used for creating "L3 policy to match VLAN 453 's VIP" and attaching it to VLAN 460 as input service policy if it possible.

What does created L3 policy exactly do after it matched VLAN 453's VIP?

Thank you in edvance

Ed.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card