Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
1
Replies

Same Service Policy on Cient and Server Side

jrbeining
Level 1
Level 1

‎04-30-2009 07:31 AM

Currently we have our ACE's deployed in L2 mode. I have the service policy applied to the client side vlan (123). Everything is working fine. My application guys want to be able to ping the VIP from the rservers and as configured it does not work. In order to get this to work it seems that I need to apply the service policy to the server side vlan (456) too. Are there any issues that I need to be aware of when doing this besides source natting the server connections if they want to access the VIP content? Relevant config:

interface vlan 123

bridge-group 1

access-group input BPDU

access-group input PERMIT_ANY

service-policy input REMOTE_MGMT_ALLOW_POLICY

service-policy input VIP_POLICY

no shutdown

interface vlan 456

bridge-group 1

access-group input BPDU

access-group input PERMIT_ANY

service-policy input REMOTE_MGMT_ALLOW_POLICY

no shutdown

Thanks.

-Joshua

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-06-2009 01:49 AM

Be aware that we do not client nat traffic that is bridged.

So if your vip does not belong to the subnet of bvi 1, your server will probably send the SYN with a destination mac-address which is the gateway.

If the gateway is not ACE, the traffic will be bridged by ACE and it won't match your service policy on the server interface.

The gateway will probably then send the traffic back to ACE.

This is where you need to put your service policy and do client nat.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card