06-20-2012 06:33 AM
Hi All,
I am encountering the following issue.
I am trying to ping from different contexts the real servers behind the ACE.
I have configured outbound NAT on the interface of the real server.
I can see on the connection table that the icmp request is received and NAT is performed but I am getting request timed out.
I am successfully able to ping the VIP addresses. I have also tried removing icmp-guard but this didn't help.
My question is if I can somehow not use the outbound nat for icmp, or does someone have another solution to my problem.
The version being used on the ACE is 5.2.1.
Thanks in Advance.
Jack.
06-22-2012 04:01 AM
Hi Jack
Is this the traffic flow?
Client ----- ICMP -----> ACE ----> Server
And you are trying to ping the server from the client directly?
Can you attach the configuration?
Thanks
Vikas Purbiya
06-24-2012 02:25 AM
Question: I am trying to ping from different contexts the real servers behind the ACE.
Answer: Every context in ACE behaves as an individual load balancer. They have their own routing and switching decisions. If you have configured servers in context ABC and are trying to ping from context CDE, this will not work.
Inter-context communication is not allowed within the ACE. Even if both contexts are sharing a common VLAN traffic you need another L3 device to make them communicate.
06-25-2012 02:53 AM
TAC case was opened:
rserver1 -- ACE context 1 -- FWa - L3 device -- FWb --- ACE context 2 -- rserver2
Ping from rserver 1 to rserver 2 was not working. We noticed that the FWb is sending the request directly to the rserver2 since its subnet is directly connected to it, and the rserver has its default GW as ACE context 2.
We configured source NAT on FWb similar to the following and now it works fine.
access-list test extended permit icmp any host rserver2
nat (outsideIF) 123 access-list test outside
global (rserversIF) 123 interface
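
The asymmetric return path described in the solution above, modelled as an added example that is not part of the original thread. All IP addresses are constructed, and the model assumes the ACE context discards an echo reply for which it never saw the request.

```python
import ipaddress

# Constructed addressing (not from the thread): the rserver VLAN that FWb and
# ACE context 2 share, plus a remote address for rserver1.
RSERVER_NET = ipaddress.ip_network("10.2.0.0/24")
RSERVER1 = ipaddress.ip_address("10.1.0.10")        # behind ACE context 1
RSERVER2 = ipaddress.ip_address("10.2.0.20")        # default GW = ACE context 2
FWB_RSERVERS_IF = ipaddress.ip_address("10.2.0.2")  # FWb leg on the rserver VLAN
ACE_CTX2 = ipaddress.ip_address("10.2.0.1")


def request_source(snat_on_fwb):
    """Source address rserver2 sees on the echo request delivered by FWb."""
    return FWB_RSERVERS_IF if snat_on_fwb else RSERVER1


def reply_next_hop(reply_dst):
    """rserver2's routing decision: on-link delivery, else default gateway."""
    return reply_dst if reply_dst in RSERVER_NET else ACE_CTX2


def ping_result(snat_on_fwb):
    # FWb is directly connected to the rserver VLAN, so the request bypasses
    # ACE context 2 and only FWb holds state for this flow.
    seen_request = {"FWb"}
    src = request_source(snat_on_fwb)
    hop = reply_next_hop(src)
    device = "FWb" if hop == FWB_RSERVERS_IF else "ACE context 2"
    # Assumption: a stateful device discards an echo reply with no matching request.
    ok = device in seen_request
    return {"reply_dst": str(src), "reply_via": device, "ping_ok": ok}


if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT on FWb:", snat, ping_result(snat))
```

Without source NAT the reply is addressed to an off-link host and leaves through the default gateway; with the `global (rserversIF) 123 interface` translation the reply is addressed to FWb's own on-link address and returns the way the request came.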