09-09-2009 07:31 AM
I am trying to replicate this environment (see attached) on our new ace appliances but it doesn't like what the css-conversion tool had me do and the only way I can make it work is with transparent mode, no NAT, and the default route being set on my servers to the ACE. This is not a good solution since these servers are accessed by user subnets directly in some cases. What I tried....
(this works, says service is operational)
probe tcp p80_PROBE
interval 15
passdetect interval 5
port 80
rserver host web-s1
inservice
ip address 192.168.1.2
rserver host web-s2
inservice
ip address 192.168.1.3
serverfarm host web
probe p80_PROBE
rserver web-s1 80
inservice
rserver web-s2 80
inservice
class-map match-all web_CLASS
match virtual-address 192.168.100.66 tcp eq 80
policy-map type loadbalance first-match web_POLICY
class class-default
serverfarm web
policy-map multi-match POLICY
class web_CLASS
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy web_POLICY
nat dynamic 10 vlan 100
interface vlan 100
nat-pool 10 192.168.100.66 netmask 255.255.255.0 pat
service-policy input POLICY
I have also put ACLs allowing everything on all interfaces but that doesn't change anything.
serverfarm details shows failures and no connections when i try to access from my browser
am I messing up how I do NAT? What else may be the issue?
09-10-2009 07:13 AM
Is that an edited config from your ACE? I just don't see an IP address for the interface. You will want the ACL as well or the ACE will deny the connections.
09-10-2009 09:06 AM
yes it is edited, i assigned an ip address and also added an access-group in and out that permits any any
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide