ACE - Need to permit access to allow remote management to servers

mcroberts

I am new to the ACE and having a problem figuring out how to allow the server team to manage their servers sitting behind the ACE modules. Load balancing is working great.

ex...

rserver1 = 172.17.252.10

rserver2 = 172.17.252.11

vip = 172.17.252.15

Currently, the server team is not able to use remote desktop, term services, etc... to manage the real servers...ie .10 and .11. My ACL permits everything and my multi-match policy map only permits access to the vip and applies load-balancing policies.

What do I need to configure to allow the server team to access their rserver IP addresses to manage each box?

Accepted Solutions

If ACLs are in place then you need to make sure that traffic from server team can be routed successfully to/from the real servers.

Upstream routing devices should have routes for your real servers pointing to the ACE.

HTH

Syed iftekhar Ahmed

All of the routing is in place and the real servers' gateways are the ACE. I think my issue lies within the policy map permitting traffic in to the real IP addresses, but I can't find a combination that will permit the required traffic to the real servers' IP addresses.

access-list IB extended permit ip any any

class-map match-any VIP
  match virtual-address 172.17.252.15 tcp eq 80
  match virtual-address 172.17.252.15 tcp eq 443

policy-map multi-match client-vip
  class VIP
    loadbalance vip inservice
    loadbalance policy slb
    loadbalance vip icmp-reply

interface vlan 252
  ip address 172.17.252.4 255.255.255.192
  service-policy input client-vip
  access-group input IB

Policy maps are not needed for "Direct server Access". You just need an ACL and appropriate routes.

Syed

Hi, make sure that you configure the IB ACL on the VLAN interface of the server VLAN too, otherwise your return traffic is blocked.

HTH

Kr,

Dario
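
An added example, not part of the thread and not Cisco tooling: a small Python check for the point made in the last reply, that every VLAN interface on the ACE needs an input ACL or traffic arriving on it is blocked. The sample config is constructed from the thread's paste plus a hypothetical server-side VLAN 352, and the parser assumes running-config style indentation.

```python
import re

# Constructed sample: the thread's config plus a hypothetical server-side
# VLAN 352 (that VLAN number is an assumption; the thread never gives it).
SAMPLE_CONFIG = """\
access-list IB extended permit ip any any
class-map match-any VIP
  match virtual-address 172.17.252.15 tcp eq 80
policy-map multi-match client-vip
  class VIP
    loadbalance vip inservice
interface vlan 252
  ip address 172.17.252.4 255.255.255.192
  service-policy input client-vip
  access-group input IB
interface vlan 352
  no shutdown
"""

def parse_interfaces(config):
    """Map each 'interface vlan N' stanza to the ACL names applied inbound."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line opens a new stanza
            m = re.match(r"interface vlan (\d+)\s*$", line)
            current = int(m.group(1)) if m else None
            if current is not None:
                interfaces[current] = []
        elif current is not None:
            m = re.match(r"\s+access-group input (\S+)", line)
            if m:
                interfaces[current].append(m.group(1))
    return interfaces

def permit_all_acls(config):
    """Names of ACLs that contain an 'extended permit ip any any' entry."""
    pattern = r"^access-list (\S+) (?:line \d+ )?extended permit ip any any\s*$"
    return set(re.findall(pattern, config, re.M))

def audit(config):
    """List (vlan, finding) pairs an operator should review."""
    findings, wide = [], permit_all_acls(config)
    for vlan, acls in sorted(parse_interfaces(config).items()):
        if not acls:
            findings.append((vlan, "no input ACL applied"))
        findings += [(vlan, f"ACL {a} permits ip any any") for a in acls if a in wide]
    return findings
```

Calling audit(SAMPLE_CONFIG) reports VLAN 352 as having no input ACL and VLAN 252 as using the permit-everything ACL. The second finding is there because, with direct server access enabled, that ACL admits any source that can route to the real servers.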