Thanks Siva but that document descibes access for server to server via a VIP and the servers are on the same VLAN.  I have servers spread across t different vlans and they want to talk to each other directly, not through a VIP.

Hi,

Do you see the connection passing the ACE?  What is the behavior if you try to send TCP traffic from server to server?

------------------------------------

Cesar R

Here is a little better explanation of the setup. The servers are not L2 adjacent.

Server vlan 1 = 10.192.34.0/24

Server Vlan 2 = 10.192.44.0/24

The ACE is the gateway for both vlans.

a server on vlan 1 wants to talk to a server on vlan 2.

Cesar,   This is just a request right now.  The server team hasn't done any testing yet so I don't have any packet captures to show what is occurring.

Tony,

Can you share your config showing interface vlan and IP routes? Also let me know what IP each of the servers in the two subnets are pointing to as the default gateway.

I want to confirm I understand your topology correctly.

Regards

Jim

Here is my interface configuration and routing table.  Each server's gateway is the .1 address of these interfaces.

interface vlan 226

  description Intranet Services Server Vlan 226

  ip address 10.192.34.2 255.255.255.0

  alias 10.192.34.1 255.255.255.0

  peer ip address 10.192.34.3 255.255.255.0

  no icmp-guard

  access-group input ALL-IN

  service-policy input FROMVLAN226

  service-policy input RMGT_P

  no shutdown

interface vlan 246

  description Intranet Services Server Vlan 246

  ip address 10.192.44.2 255.255.255.0

  alias 10.192.44.1 255.255.255.0

  peer ip address 10.192.44.3 255.255.255.0

  no icmp-guard

  access-group input ALL-IN

  service-policy input FROMVLAN246

  service-policy input RMGT_P

  no shutdown

interface vlan 292

  description Intranet Services Client Vlan 292

  ip address 10.192.8.4 255.255.254.0

  alias 10.192.8.6 255.255.254.0

  peer ip address 10.192.8.5 255.255.254.0

  mac-sticky enable

  no icmp-guard

  access-group input ALL-IN

  service-policy input INTRA-v292_P

  service-policy input RMGT_P

  no shutdown

interface vlan 294

  description Intranet Services Client Vlan 294

  ip address 10.192.6.4 255.255.254.0

  alias 10.192.6.6 255.255.254.0

  peer ip address 10.192.6.5 255.255.254.0

  mac-sticky enable

  no icmp-guard

  access-group input ALL-IN

  service-policy input INTRA-v294_P

  service-policy input RMGT_P

  no shutdown

Destination         Gateway          Interface         Flags

------------------------------------------------------------------------

0.0.0.0             10.192.6.1       vlan294           S [0xc]

10.192.6.0/23       0.0.0.0          vlan294           IA [0x30]

10.192.8.0/23       0.0.0.0          vlan292           IA [0x30]

10.192.44.0/24      0.0.0.0          vlan246           IA [0x30]

10.192.34.0/24      0.0.0.0          vlan226           IA [0x30]

Tony,

Since the servers are local and pointing their default gateway at the ACE there should be no problem with this communication. I see you have an ACL applied to both interfaces named ALL-IN. If this is allowing all IP traffic then the config and topology are correct. If traffic is not working correctly between these hosts I would first confirm the default gateway of the servers is correctly pointing at the alias of the ACE interface. I would then confirm if the traffic leaving the server is using the same MAC address as the ACE shows in the "show arp" output. If the servers are using active active NIC teaming or some sort of clustering the MAC address that is being sent at the ACE may not be the same as what the ACE has learned for this device. If the MAC does not match the show arp mapping then this is the issue. The ACE needs to know the MAC address of each device that is forwarding traffic to it. If this is the case you could try configuring a static arp entry matching the MAC that the server is using.

Regard

Jim