Hi Siva,

Just what I needed.

Thanks

Hi,

If the server gateway is not ACE ip then you would require SNAT to make sure the reply comes back to ACE for all 3 scenarios.

The service-policy should be applied on client vlan for scenario 1. Rest looks good and this should make sure the return traffic comes back to ACE.

Regards,

Siva

Hi Siva,

Tested it yesterday and my ACE is working well. I amended the nat pool ip address to use a different ip address from the alias IP address.

int gi1/1

description Connections to Client

switchport trunk allowed vlan 1,10,100

no shutdown

int gi1/2

description Connections to Servers

switchport trunk allowed vlan 20,200

no shutdown

#Client Side VLAN

interface vlan 10

description Client Side VLAN

ip address 10.10.160.196 255.255.255.248

peer ip address 10.10.88.197 255.255.255.248

alias 10.10.88.198  255.255.255.248

#Server Side VLAN

interface vlan 20

description App(Server) VLAN

ip address 20.20.88.4 255.255.255.0

peer ip address 20.20.88.5 255.255.255.0

alias 20.20.88.250  255.255.255.0

service-policy input PM_1

service-policy input PM_2

service-policy input PM_3

service-policy input PM_4

nat pool 2 20.20.88.251 20.20.88.251 netmask 255.255.255.255 pat

interface vlan 200

description App(Client) VLAN

ip address 200.200.132.4 255.255.255.0

peer ip address 200.200.132.5 255.255.255.0

alias 200.200.132.250 255.255.255.0

service-policy input PM_1

service-policy input PM_2

service-policy input PM_3

service-policy input PM_4

nat pool 1 200.200.132.251 200.200.132.251 netmask 255.255.255.255 pat

#VIP Config

class-map CM_1

match virtual-address 10.10.138.14 255.255.255.255 tcp eq 80

exit

class-map CM_2

match virtual-address 10.10.138.11 255.255.255.255 tcp eq 7080

exit

class-map CM_3

match virtual-address 100.100.91.14 255.255.255.255 tcp eq 4561

exit

class-map CM_4

match virtual-address 100.100.91.13 255.255.255.255 tcp eq 4561

exit

#Policy Map

policy-map multi-match PM_1

class CM_1

    loadbalance vip inservice

    loadbalance policy P_1

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 200

policy-map multi-match PM_2

class CM_2

    loadbalance vip inservice

    loadbalance policy P_2

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 200

policy-map multi-match PM_3

class CM_3

    loadbalance vip inservice

    loadbalance policy P_3

    loadbalance vip icmp-reply active

    nat dynamic 2 vlan 20

policy-map multi-match PM_4

class CM_4

    loadbalance vip inservice

    loadbalance policy P_4

    loadbalance vip icmp-reply active 

    nat dynamic 2 vlan 20

Thanks so much for the guidance