06-16-2012 12:17 AM
My customer they do not want change their real server IPs.
So I need setup one interace (one armed) for them on ACE4710.
Who had this sample configuration? (CSS has this but it seems to be not compitable with ACE)
06-16-2012 12:56 AM
Hi,
here it is..
The configuration would be similar to routed mode it is just that you are applying SNAT.
rserver host S1 ip address 192.168.0.200 inservice rserver host S2 ip address 192.168.0.201 inservice |
serverfarm host SF-1 rserver S1 inservice rserver S2 inservice |
class-map match-all L4VIPCLASS 2 match virtual-address 172.16.0.15 tcp eq www |
policy-map type loadbalance http first-match WEB_POLICY class class-default serverfarm SF-1 |
policy-map multi-match VIPs class L4VIPCLASS loadbalance vip inservice loadbalance policy WEB_POLICY loadbalance vip icmp-reply active loadbalance vip advertise active nat dynamic 1 vlan 240 |
interface vlan 240 ip address 172.16.0.130 255.255.255.0 alias 172.16.0.128 255.255.255.0 peer ip address 172.16.0.131 255.255.255.0 access-group input any service-policy input REMOTE_MGMT_ALLOW_POLICY service-policy input VIPsno shutdownnat-pool 1 192.168.0.254 192.168.0.254 netmask 255.255.255.0 pat |
06-18-2012 06:19 AM
Thanks.
06-16-2012 02:51 PM
Hi,
Here is a configuration example of HTTP & HTTPS loadbalance in One-Armed Mode:
access-list Allow_Access line 10 extended permit ip any any
rserver host test
ip address 10.198.16.98
inservice
rserver host test2
ip address 10.198.16.93
inservice
serverfarm host test
rserver test 80
inservice
rserver test2 80
inservice
ssl-proxy service TEST
key cert
cert cert
sticky ip-netmask 255.255.255.255 address source group1
timeout 720
serverfarm test
sticky http-cookie test group2
cookie insert
serverfarm test
class-map type management match-any NSS-ACCESS
10 match protocol telnet any
30 match protocol icmp any
40 match protocol http any
50 match protocol https any
class-map match-all VIP
2 match virtual-address 10.198.16.122 tcp eq www
class-map match-all VIPSSL
2 match virtual-address 10.198.16.122 tcp eq https
policy-map type management first-match NSS_MGMT
class NSS-ACCESS
permit
class class-default
permit
policy-map type loadbalance first-match test
class class-default
sticky-serverfarm group1
policy-map multi-match clients
class VIP
loadbalance vip inservice
loadbalance policy test
loadbalance vip icmp-reply active
nat dynamic 1 vlan 112
class VIPSSL
loadbalance vip inservice
loadbalance policy test
loadbalance vip icmp-reply active
nat dynamic 1 vlan 112
ssl-proxy server TEST
interface vlan 112
ip address 10.198.16.91 255.255.255.192
access-group input Allow_Access
nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
service-policy input NSS_MGMT
service-policy input clients
no shutdown
ip route 0.0.0.0 0.0.0.0 10.198.16.65
06-18-2012 06:19 AM
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide