05-09-2012 08:58 AM
Hi All,
I have recently configured a pair of ACE 4710 appliances in a FT group. The ACE's are deployed in one-arm mode, using Source NAT, with all routing to and from being done by a pair of PIX firewalls.
My configuration does not include the use of an "alias" IP address on the data VLAN interface within each of my contexts.
My understanding is that the "alias" IP address is similar to a HSRP address and if the ACE is deployed in Routed mode the default gateway for the servers can be configured with the "alias" address so as this is always available even if a fail over occurs.
Could someone advise if this is a correct interpretation and of use of the "alias" IP address and if so whether it is required when using a one-arm mode topology?
Regards,
Gerard
05-09-2012 09:14 AM
Hi,
Your understanding is correct. If you are running FT, you will need an alias IP address in any VLAN where ACE needs to be used as either a next hop for PBR (or other static routes) or as default gateways.
-
Siva
05-09-2012 12:23 PM
Thanks for your reply Sivaksiv.
So as I have a one-arm mode deployment and am not using the ACE as default gateway for the servers or as a next hop for any routes I don't need to include an alias IP address then?
Regards,
Gerard
05-09-2012 09:04 PM
Hi Gerard,
Thats right. As long as all seem to be working even after failover its not required.
-
Siva
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide