Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
936
Views
0
Helpful
2
Replies

Real server to respond for client ICMP request.

Go to solution
bala.inspirer
Level 1
Level 1

‎09-13-2015 09:42 PM

Hi ,

Is the below requirement possible ?

Whenever the clients are pinging to the server which is located behind LB must reply with Server real IP address. But instead of that LB is replying with the VIP.

As per our security audit team advice our we wanted to change this behaviour and we would like to know is there any settings available in LB side to make reply packet forwarded with real server IP address Instead of LB VIP.

 

WS-X6066-SLB-APC

 

Thanks ,

 

Bala

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎09-25-2015 12:25 PM

Hi Bala,

I assume you are pinging the real server IP, for that you can create a route which bypasses the LB so that server can reply directly. If you are pinging the vip, then ACE replies directly without sending the traffic to real servers unless you are loadbalancing ICMP requests. Loadbalance vip icmp-reply <active> , this command makes the ace to reply to pings without sending it to the servers in serverfarm. If you use <active> then ACE only replies when that serverfarm is ACTIVE otherwise not.

 

However, there is an option of DSR and below is the explanation about it:

https://supportforums.cisco.com/document/91121/configure-ace-direct-server-return-mode

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎09-25-2015 12:25 PM

Hi Bala,

I assume you are pinging the real server IP, for that you can create a route which bypasses the LB so that server can reply directly. If you are pinging the vip, then ACE replies directly without sending the traffic to real servers unless you are loadbalancing ICMP requests. Loadbalance vip icmp-reply <active> , this command makes the ace to reply to pings without sending it to the servers in serverfarm. If you use <active> then ACE only replies when that serverfarm is ACTIVE otherwise not.

 

However, there is an option of DSR and below is the explanation about it:

https://supportforums.cisco.com/document/91121/configure-ace-direct-server-return-mode

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful

Go to solution
bala.inspirer
Level 1
Level 1
In response to Kanwaljeet Singh

‎09-27-2015 09:35 PM

Hi Kanwal,

 

Thanks very much for the reply.

I have attempted to get the answer like anything and this doc helped a lot.

Thanks

Bala

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card