Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1334
Views
0
Helpful
1
Replies

ACE VIP external access problem

Thorsten997
Level 1
Level 1

‎09-09-2011 03:33 AM

There is VIP that is used by ACE for load balancing web servers. Internal users succeed to this VIP. ASA (connected to Core 6509 switch) is performing static NAT (VIP-to-External IP). External users cannot open web page while requesting for this IP. ASA is allowing request for any port. Also there is such string when issuing "show nat" on ASA: Untranslated hits . What can solve that problem?

Labels:
0 Helpful
1 Reply 1

sivaksiv
Cisco Employee
Cisco Employee

‎09-09-2011 04:06 AM

Hi,

It looks like more of a NAT issue on ASA than ACE. If the internal users succeed accessing the VIP then VIP is working correctly on ACE.

Are you getting any hits when external userss access the ACE? check using "show serice-policy detail" or "show connection addr .."

Untranslated hits increase when the ASA does an untranslation for a nat. 
This usually happens when the connection is being initiated from the 
outside and the ASA has to just untranslate for the host in the inside.

Would recommend checking in ASA forum as NAT doesn;t seem to work as expected.

-

Siva

0 Helpful
Customers Also Viewed These Support Documents