01-25-2011 01:07 AM
Morning or Evening.
I hope you can help me.
At the moment I can ping from a Cisco ACE 4710 two Web Servers and the rest of the infrastructure as shown below.
At present the sticky sessions and SSL aren't really too much of a concern but I would like to see HTTP or HTTPS traffic running through the ACE 4710.
Ping from the ACE is successful as it can ping AD servers, Database Servers, etc.
Show conn only shows that the HA links are connected but nothing else.
Show arp shows that everything is up from the Real Server, VIP addresses, H/A IPs and also a couple of VLANs on a core switch.
I think the problem may be due to the class-map and possibly a policy map that's not applied to the Virtual IPs.
Thanks again
01-25-2011 01:11 AM
The attached is a current VIP status.
Thanks again
01-25-2011 05:25 AM
I would guess about a direct-server-return, but without your configuration it will be all just guessing.
01-25-2011 05:53 AM
01-25-2011 06:16 AM
At first you should put your access-list on all your interfaces. The ACE is acting like a firewall. Then you should enable logging. The ACE is very good in telling you why something is blocked or not.
01-25-2011 06:38 AM
Thanks for the reply.
I take it adding an access-list would be the same as a normal switch?
Daft question but I had to ask.
01-25-2011 07:18 AM
On VLAN 200 you have the command
access-group input ALL
You should add this to VLAN 210 and 220 too. By default ACE is blocking all incoming traffic.
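
An added example, not part of the original thread: a small Python check that reads a saved ACE running-config and lists the VLAN interfaces that have no `access-group input`, which is the condition the last reply describes. The sample config is constructed (addresses, the ACL entry and the two-space indentation of interface sub-commands are assumptions), and `audit_vlan_acls` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the thread: VLAN 200 has the ACL applied,
# VLANs 210 and 220 do not. Addresses and the ACL entry are made up.
SAMPLE_CONFIG = """\
access-list ALL line 8 extended permit ip any any
interface vlan 200
  ip address 192.0.2.1 255.255.255.0
  access-group input ALL
  no shutdown
interface vlan 210
  ip address 198.51.100.1 255.255.255.0
  no shutdown
interface vlan 220
  ip address 203.0.113.1 255.255.255.0
  no shutdown
"""

def audit_vlan_acls(config: str) -> dict:
    """Return {vlan_id: finding} for VLAN interfaces that will drop inbound traffic."""
    defined_acls = set(re.findall(r"^access-list\s+(\S+)\s", config, re.M))
    acl_by_vlan = {}
    current = None  # VLAN id of the interface block being read, if any
    for line in config.splitlines():
        m = re.match(r"^interface vlan (\d+)\s*$", line)
        if m:
            current = int(m.group(1))
            acl_by_vlan[current] = None
            continue
        if not line.startswith((" ", "\t")):
            current = None  # an unindented line ends the interface block
            continue
        m = re.match(r"^\s+access-group input (\S+)\s*$", line)
        if m and current is not None:
            acl_by_vlan[current] = m.group(1)
    findings = {}
    for vlan, acl in sorted(acl_by_vlan.items()):
        if acl is None:
            findings[vlan] = "no access-group input: inbound traffic is denied by default"
        elif acl not in defined_acls:
            findings[vlan] = f"access-group references undefined access-list {acl}"
    return findings

if __name__ == "__main__":
    for vlan, finding in audit_vlan_acls(SAMPLE_CONFIG).items():
        print(f"interface vlan {vlan}: {finding}")
```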