There is VIP that is used by ACE for load balancing web servers. Internal users succeed to this VIP. ASA (connected to Core 6509 switch) is performing static NAT (VIP-to-External IP). External users cannot open web page while requesting for this IP. ASA is allowing request for any port. Also there is such string when issuing "show nat" on ASA: Untranslated hits . What can solve that problem?
It looks like more of a NAT issue on ASA than ACE. If the internal users succeed accessing the VIP then VIP is working correctly on ACE.
Are you getting any hits when external userss access the ACE? check using "show serice-policy detail" or "show connection addr .."
Untranslated hits increase when the ASA does an untranslation for a nat. This usually happens when the connection is being initiated from the outside and the ASA has to just untranslate for the host in the inside.
Would recommend checking in ASA forum as NAT doesn;t seem to work as expected.
Cisco launched their solution for hybrid cloud solution for the Microsoft Azure public cloud back in September of 2017. Since that time, Cisco has enjoyed great success with installations around the world from Poland to Australia and many points in ...
NoticeThis is not an official guide, just something I've been testing to help during those "difficult" situations. All works here are my own!GoalsThere are some situations where we need to load an image onto a Nexus switch (or other network devices ...
I was playing a little with some show commands on ACI and i found that on leaves there are VXLAN tunnels also towards the APIC (10.0.0.1 in the figure); i was wondering why there should be these tunnels? APIC is using VLAN 3967 as infrastructure VLAN, and...