Trying to implement Source NAT for a vlan 400(subnet 10.1.4.x/24)which contains both the servers & the vips.
Servers - Default Gateway is the VLAN 400 INterface on the 6500 (which populates the ace module inside) and not the vlan 400 interface on the ACE module (tried using ACE interface, but it doesnt work)..
ACL - Configured for Server to VIP Connectivity
Class Map - COnfigured to match ACL
Matching class map and Nat dynamic statement
Service policy for the above configured policy map.
Nat pool <ip similar to the 10.1.4.x subnet> on the vlan interface.
Connection attempted from server 10.1.4.218 to vip 10.1.4.172..I could see the connection coming in for the vip from the Server to the vip..But dont see a connection going out..I am sure the Server is trying to return the packet to the vip, searching it locally rather than reaching the ACE. Am i Missing something here..
Could you pls send the config? Remember that the nat-pool has to reside on the outgoing IF of ACE (if you have 2 IF on ACE). Not sure about which topology you're talking about.
send us the config and a sniffer trace.
Also get a 'show conn detail' and 'show service-policy detail' just after opening a connection from the server.
sh conn output
ACE1/Admin# sh conn | include 10.1.4.172
438 2 in TCP 400 10.1.1.111:3182 10.1.4.172:8080 SYNSEEN
The above output clearly shows the ACK packet is not send back to the ACE..Will get back with more info soon..
I do not think your natting works.
The natpool on vlan 400 which is the server vlan has natpool id 40 not 100 as you have configured in the nat policy.
policy-map multi-match nat
nat dynamic 1 vlan 700
nat dynamic 100 vlan 400 <===
nat dynamic 300 vlan 300
With this config, it didnt work..I am going to change the gateway of the servers directly to the ACE interface rather than the VLAN interface on the MSFC to get more control on the return traffic..Hopefully it will assist me to capture packets at granular level when compared to packets captured at the MSFC for the entire vlan that span across the ACE & other CSS boxes..
Thanks for your help Giles. I will definitely come back with more results and queries..