
ACE "reverse-sticky"

adrian_teo
Level 1

Hi all,

I know the reverse-sticky command is not supported in ACE. Is there an equivalent command that I can use to ensure "reverse-sticky"? I'm trying to load-balance Cisco NAC servers with ACE. The NAC server LB concept should be like FWLB: I need the return traffic to go through the same NAC server that the traffic originates from.


Gilles Dufour
Cisco Employee

The solution is to use predictor hash address source on the frontend ACE and predictor hash address destination on the backend ACE.

Gilles.

Hi Gilles,

Thank you for the reply. Does the solution need to be in a multiple-ACE deployment? As I only have 1 ACE available, can it be achieved in a single-ACE deployment?

This can be done in a single ACE. You could have 2 contexts, 1 for frontend and 1 for backend.

A firewall loadbalancing (FWLB) design is always of the type

outside---------- ACE(front) --------------- Firewalls -------------- ACE(back) --------inside

This is to guarantee that packets flow through the same firewall in both directions.

This can be done with 2 physical ACEs or 2 contexts on a single ACE.

Can also be done inside a single context of a single ACE but maybe more difficult - more confusing.

Gilles.
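
A small model of the design described in this thread, added here as an example and not part of the original posts: it shows why hashing the source address on the front ACE and the destination address on the back ACE sends both directions of a flow through the same NAC server, and how that symmetry is lost in the model when the two sides disagree. The CRC32 hash, device names and addresses are constructed stand-ins, not the ACE's actual hash algorithm or any real configuration.

```python
import ipaddress
import zlib

def pick(devices, ip):
    """Stand-in for a hash predictor: map one IP address to one device."""
    key = ipaddress.ip_address(ip).packed
    return devices[zlib.crc32(key) % len(devices)]

def front_ace(devices, src, dst):
    # Front side hashes the SOURCE address (the client on forward traffic).
    return pick(devices, src)

def back_ace(devices, src, dst):
    # Back side hashes the DESTINATION address (the client on return traffic).
    return pick(devices, dst)

def asymmetric_clients(front_farm, back_farm, clients, server):
    """Clients whose forward and return packets cross different devices."""
    bad = []
    for c in clients:
        fwd = front_ace(front_farm, src=c, dst=server)
        ret = back_ace(back_farm, src=server, dst=c)
        if fwd != ret:
            bad.append(c)
    return bad

def return_devices_if_back_hashes_source(farm, clients, server):
    """Misconfiguration: back side also hashes source, i.e. the server address."""
    return {pick(farm, server) for _ in clients}

# Constructed sample data (documentation address ranges).
NAC = ["nac1", "nac2", "nac3"]
CLIENTS = [f"192.0.2.{i}" for i in range(1, 51)]
SERVER = "198.51.100.10"

if __name__ == "__main__":
    # Same device list on both sides: every flow is symmetric.
    print("asymmetric, matching farms:",
          len(asymmetric_clients(NAC, NAC, CLIENTS, SERVER)))
    # Same devices listed in a different order on the back side.
    rotated = NAC[1:] + NAC[:1]
    print("asymmetric, reordered back farm:",
          len(asymmetric_clients(NAC, rotated, CLIENTS, SERVER)))
    # Back side hashing source: all return traffic lands on one device.
    print("return devices, wrong predictor:",
          return_devices_if_back_hashes_source(NAC, CLIENTS, SERVER))
```

In this model the symmetry also depends on the client address being unchanged between the two sides, so address translation in the path would break it.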
