Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1637
Views
0
Helpful
4
Replies

Telnet on port 80 to VIP is not working from the same VLAN on ACE

Hidayat Khan
Level 1
Level 1

‎02-20-2013 07:29 AM

Hi,

  Quick senario, pair of different servers configured on the same vlan in ACE and different VIP have been allocated on port 80. When I telnet a VIP 10.0.0.1 on port 80 from outside Vlan, i.e from different Vlan or from outside ACE, it works fine, but when I try to telnet from internet (different server) then failed, though ping to the VIP works fine. Any idea

Regards

Labels:
0 Helpful
4 Replies 4

rhgtyink
Level 1
Level 1

‎02-20-2013 11:04 AM

Hi,

If I understand you correctly you are trying to loadbalance a request from within the rserver residing vlan?

In that case you need to Source NAT the server request else the reply will end up directly on the server which doesn't have that connection request in it's tables.

Say rservers1 & 2 run the telnet daemon on 11.1.1.1 and 11.1.1.2

Other rservers 3 & 4 are the 'client' here on 11.1.1.3 and 11.1.1.4

If you connect to the VIP they will send a TCP SYN request source 11.1.1.3 -> 10.0.0.1

the VIP will loadbalance this request to the 11.1.1.1 server and that server will send the TCP SYN ACK to the original source, now this request would not be routed back trough the ACE and and up on the rserver3.

But rserver3 did not initiate a connection to 11.1.1.1 so it will drop that packet (remember the SYN was send to 10.0.0.1).

Implementing Source NAT so that the 'return' traffic gets routed back over the ACE to the rserver3 would fix this issue.

0 Helpful

Hidayat Khan
Level 1
Level 1
In response to rhgtyink

‎02-21-2013 02:26 AM

Hi rhgtyink,

Your explaination makes sense, and Initially I thought the same, but wasn't sure! So what you are saying, that I should implement NAT. Note! In my oringal post, I used the word 'Internet' that was Internal...was my mistake...

Shall I use the IP in NAT pool from the same subnet i.e 11.1.1.200 - 210 ?

Hope that will resolve the issue. I will test it today and will post the result.

Many thanks

0 Helpful

Jorge Bejarano
Level 4
Level 4

‎02-25-2013 08:36 PM

Hidayat,

It sounds like you may have assymetric routing issue at some point, then you may need to use NAT statement to avoid that situation.

The issue which you have looks like a server initiation issue, what happens if that you need to have a way to send the traffic of one server to another server or even to itself then you will NAT.

I will look for a server initiation sample and paste it tomorrow to see if it makes for you.

Jorge

0 Helpful

Cesar Roque
Level 4
Level 4

‎03-07-2013 10:15 AM

Hi Hidayat

Please paste your configuration here.  It looks that you need to use a nat-pool to make it work

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card