
Cannot ping only one VIP address at ACE 4710

Gerhard.Oettle
Level 1

Hello,

I have a problem with an ACE 4710 regarding the ping of one VIP address in particular.

Software - Version is:

Software
  loader:    Version 0.95.1
  system:    Version A4(2.2) [build 3.0(0)A4(2.2) adbuild_15:26:12-2011/10/10_/auto/adbure_nightly4/renumber/rel_a4_2_2_throttle/REL_3_0_0_A4_2_2]
  system image file: (hd0,1)/c4710ace-t1k9-mz.A4_2_2.bin
  Device Manager version 4.2 (0) 20110907:2229

On the box I set up 10 services, all with different VIP addresses; the IP is also not used in duplicate anywhere in the network.

In the class defined under the multi-match policy-map I set up, identically to the others, loadbalance vip icmp-reply active. The VIP is usable by the defined HTTP service and the serverfarm is up and running, all OK so far, but this VIP does not respond to ping even though the correct ARP resolution was done.

I also started a capture locally on the ACE and see the ICMP echo coming in, but the box sends no echo reply back.

In the access lists, Management and so on I allowed ICMP, and the ICMP guard is also disabled on all interfaces...

Has anyone else had the experience that most VIPs respond to ping and others do not?

Thank you in advance for help.

Gerhard

10 Replies

ravi281278
Level 1

Hi,

If there is no security reason against it, please share the config.

Regards

Ravi K. Sharma

Here is my config:

access-list permit_all line 8 extended permit ip any any
access-list permit_all line 9 extended permit icmp any any

probe http MyService_8080
  port 8080
  interval 100
  faildetect 2
  passdetect interval 2
  request method get url /cps/rde
  expect status 200 200

rserver host host1
  ip address 193.141.34.8
  inservice
rserver host host2
  ip address 193.141.34.9
  inservice

serverfarm host MyService
  predictor leastconns
  probe MyService_8080
  rserver host1
    inservice
  rserver host1 8080
  rserver host2
    inservice
  rserver host2 8080

parameter-map type connection WAN_OPT
  set tcp wan-optimization rtt 0
  set tcp mss min 768 max 1360
parameter-map type http http_parameter_map
  persistence-rebalance
  set header-maxparse-length 8192
  length-exceed continue

class-map type http loadbalance match-any MyService
  2 match http url .*.

class-map type management match-any Management
  2 match protocol telnet any
  3 match protocol http any
  4 match protocol https any
  5 match protocol icmp any
  7 match protocol snmp any
  8 match protocol ssh any

policy-map type management first-match Management
  class Management
    permit

sticky http-cookie lbid MyService-COOKIE
  timeout 60
  replicate sticky
  serverfarm MyService

class-map match-all MyService_80
  2 match virtual-address 197.200.171 tcp eq www

policy-map type loadbalance first-match MyService_80
  class MyService
    sticky-serverfarm MyService-COOKIE

policy-map multi-match VIP_IP_Servers
  class MyService_80
    loadbalance vip inservice
    loadbalance policy MyService_80
    loadbalance vip icmp-reply active
    nat dynamic 11 vlan 11
    appl-parameter http advanced-options http_parameter_map
    connection advanced-options WAN_OPT

interface vlan XX
  description WIN_Server
  ip address 193.141.8.172 255.255.0.0
  alias 193.141.8.175 255.255.0.0
  peer ip address 193.141.8.174 255.255.0.0
  no normalization
  no icmp-guard
  access-group input permit_all
  nat-pool 11 193.141.8.176 193.141.8.186 netmask 255.255.0.0 pat
  service-policy input Management
  no shutdown

interface vlan XX
  description VIP_Servers
  ip address 197.200.14 255.255.254.0
  alias 197.200.15 255.255.254.0
  peer ip address 197.200.16 255.255.254.0
  no normalization
  no icmp-guard
  access-group input permit_all
  service-policy input Management
  service-policy input VIP_IP_Servers
  no shutdown


ip route 0.0.0.0 0.0.0.0 197.200.1


Regards

Gerhard

As per my knowledge, please apply service-policy input VIP_IP_Servers

interface vlan XX
  description WIN_Server
  ip address 193.141.8.172 255.255.0.0

Hi Ravi,

It is sufficient to bind this policy to the interface that is in the range of the VIP IP addresses. But anyway, I bound it additionally to the server's VLAN interface and the situation is the same ...

The service can be used via HTTP port 80 without any problem and performs well; only this stupid VIP IP address 197.200.171 (this is not the original address in the discussion) does not answer any ICMP echo ...

Regards

Gerhard

Hi Ravi,

It looks as if it is a bug... I made nearly the same definitions again: I copied all the definitions for the service having the ping problem, changed the titles by adding _Test, and for the test changed the IP at the end to two digits higher. Instead of 197.200.171.171 I took 197.200.171.173... and, funnily, a simple ping was no problem...

Regards

Gerhard

How about trying to shut and no shut the VLAN interface? Have you tried this, as the config looks fine?

Hello Gerhard,

If you are saying there's only one VIP which cannot be properly reached by pings but there are others which are responding, there's no reason to think this might be a bug.

What is the problematic VIP?

Do you have any other VIP in the same subnet which is responding to pings properly?

Are you trying to ping from one vlan of the ACE to another vlan of the ACE?

From where are you trying to ping it? Have you tried with different computers? From different subnets?

Jorge

Hello Gerhard,

class-map match-all MyService_80

  2 match virtual-address 197.200.171 tcp eq www

Checking this config, I noticed you got: "197.200.171". Is that how you have it configured?

Jorge

Hi Gerhard,

Please share all the octets of the VIP and VIP_SERVERS VLAN IPs, and also share the full next-hop IP address of the default route.

Ravi K Sharma

Hi Jorge,

Instead of the 197.200.171, it is in reality 10.24.14.171 / 23 that has the problem of not being pingable, and the only problem really is that it does not respond to ping. The HTTP traffic works perfectly.

class-map match-all MyService_80

  2 match virtual-address 10.24.14.171 tcp eq www

Other VIPs on the same box respond to ping perfectly, for example 10.24.14.172.

I tried the ping from the VLAN where the PC clients are located and also from the VLAN where the servers are located.

From all directions it is the same: 10.24.14.172 responds perfectly, and 10.24.14.171 does not respond to ping for whatever reason. It's not a problem of routing, because when I do a capture at the ACE I see the ICMP echo from the clients, but no reply from the ACE.

For an additional test I copied step by step all definitions relating to the non-pingable 10.24.14.171, changed the names by adding _Test, and created in this way

class-map match-all MyService_80_Test

  2 match virtual-address 10.24.14.173 tcp eq www  

and that definition with _Test and the 10.24.14.173 answers the ping perfectly.

Regards

Gerhard
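
An added example, not part of any post in this thread: a small Python check over an ACE-style config that flags the three points raised above, namely a virtual-address that is not a full IPv4 address, a VIP class whose multi-match policy is not applied to any interface, and a VIP class without loadbalance vip icmp-reply. The sample config is constructed in the style of the one posted above, and the function names and regexes are assumptions that expect that stanza layout.

```python
import ipaddress
import re

# Constructed sample in the style of the posted config (not the poster's full config).
SAMPLE = """\
class-map match-all MyService_80
  2 match virtual-address 197.200.171 tcp eq www
class-map match-all Other_80
  2 match virtual-address 192.0.2.172 tcp eq www
policy-map multi-match VIP_IP_Servers
  class MyService_80
    loadbalance vip inservice
    loadbalance vip icmp-reply active
  class Other_80
    loadbalance vip inservice
interface vlan 10
  service-policy input VIP_IP_Servers
"""

def valid_ipv4(addr):
    try:
        ipaddress.IPv4Address(addr)   # requires exactly four octets, each 0-255
    except ValueError:
        return False
    return True

def audit_vips(config):
    """Map each VIP class-map name to a list of findings (empty = nothing flagged)."""
    vips = dict(re.findall(
        r"^class-map match-\w+ (\S+)\n\s+\d+ match virtual-address (\S+)", config, re.M))
    applied = set(re.findall(r"^\s+service-policy input (\S+)", config, re.M))
    opts = {}  # class name -> (multi-match policy name, text of its class block)
    for pm in re.finditer(r"^policy-map multi-match (\S+)\n((?:[ \t]+.*\n|\n)*)", config, re.M):
        parts = re.split(r"^\s+class (\S+)\n", pm.group(2), flags=re.M)
        for name, body in zip(parts[1::2], parts[2::2]):
            opts[name] = (pm.group(1), body)
    report = {}
    for name, addr in vips.items():
        policy, body = opts.get(name, (None, ""))
        checks = [
            (valid_ipv4(addr), f"virtual-address {addr!r} is not a full IPv4 address"),
            (policy in applied, "class not in a multi-match policy applied to an interface"),
            ("loadbalance vip icmp-reply" in body, "no 'loadbalance vip icmp-reply' under the class"),
        ]
        report[name] = [msg for ok, msg in checks if not ok]
    return report
```

Running `audit_vips` on the exported configuration gives one list of findings per VIP class, which makes it easy to compare a VIP that answers ping with one that does not.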