Hi all,
We have a setup as follows:
MSFC-->FWSM--->ACE--->2 Server VLANs.
The gateways for all the servers are the respective alias IP addresses. The clients can initiate inbound sessions to all servers, and the servers can initiate outbound sessions to selected outside devices. Now we have a new requirement wherein the servers need to communicate with each other. How do we accomplish this? When a server (behind the ACE) initiates a session to devices in the outside world, a source NAT to the VIP is required. In this case, for server-to-server communication, is a VIP required? What we require is just something like "inter-VLAN routing" on the MSFC. The sample config is like this:
interface vlan 410
  desc "SERVERS-B"
  ip address 192.168.20.50 255.255.255.0
  alias 192.168.20.1 255.255.255.0
  peer ip address 192.168.20.51 255.255.255.0
  access-group input ALL
  service-policy input SMTP-LOG
  service-policy input ICMP_PROD
  no shutdown
interface vlan 411
  desc SERVERS-A
  ip address 192.168.10.50 255.255.255.0
  alias 192.168.10.1 255.255.255.0
  peer ip address 192.168.10.51 255.255.255.0
  access-group input ALL
  service-policy input ICMP_TEST
  no shutdown
interface vlan 423
  desc "FWSM DMZ"
  ip address 172.23.0.2 255.255.255.0
  peer ip address 172.23.0.3 255.255.255.0
  access-group input ALL
  service-policy input TEST
  service-policy input PRODUCTION
  no shutdown
We require the 192.168.10.X network to communicate with the 192.168.20.X network.
I hope I have explained the scenario.
Thanks in advance.
Regards
Sonu.