Re: OT:ACE 4710 SLB

From: Farhan Anwar <farhan.anwar_at_gmail.com>
Date: Wed, 20 Jul 2011 15:58:48 +0400

Hi,
You may need to configure SNAT on the ACE because if it's not there and the
ACE is not inline (default gw for servers) then the servers will reply to
users directly using their configured default gw, and since the firewall
accepted the initial session over the VIP and there will be no established
session for the server IP in its session state table, the firewall will drop
it.

When you configure source NATting the request will be sourced by the ACE and the
servers will reply back to the ACE for the application traffic, and the ACE will
reply back to users.

regards,
Farhan.

On Wed, Jul 20, 2011 at 2:12 PM, eseosa <eseosa.ehiwe_at_gmail.com> wrote:

> Hello Gs,
>
> I have set up ACE to do SLB for my servers on port 25. I have
> allowed (ip any any from inside and outside interfaces using access
> control lists, it's that bad :-) ) but I can't reach the subnet where
> my servers are connected from the internet, but I can reach the VIP of
> the ACE from outside.
>
> I have checked routing within my infrastructure and everything looks fine.
>
> Is there something I am missing with ACE configuration?
>
> Thanks
> --
> Warm Regards,
>
> Eseosa
> CCIE #23782
> You can learn anything just develop the right quantity of interest.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
*--
Farhan Anwar*
*Infrastructure Solutions Architect*
*CCIE#19871*
www.farhananwar.com
Received on Wed Jul 20 2011 - 15:58:48 ART
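
The return-path problem described in the reply above, as an added example that is not part of the original thread: a small model of a stateful firewall's session table, walked once without and once with source NAT on the load balancer. All addresses, ports and names are constructed for illustration, and the topology (ACE not inline, server default gateway pointing at the firewall) is the one the reply assumes.

```python
# Constructed sample addresses (documentation / private ranges), not from the thread.
CLIENT = ("198.51.100.7", 40000)   # internet user
VIP = ("203.0.113.25", 25)         # virtual IP on the load balancer
REAL = ("10.1.1.11", 25)           # real SMTP server behind the VIP
SNAT_ADDR = ("10.1.1.100", 1025)   # hypothetical SNAT pool address and PAT port


class StatefulFirewall:
    """Permits a reply only if it is the exact reverse of a tracked session."""

    def __init__(self):
        self.sessions = set()

    def accept_inbound(self, src, dst):
        # The ACL permits the connection and a session entry is created.
        self.sessions.add((src, dst))

    def permits_reply(self, src, dst):
        return (dst, src) in self.sessions


def walk(snat_enabled):
    """Follow one client connection; return (return_path, reply_source, permitted)."""
    fw = StatefulFirewall()

    # 1. Client connects to the VIP through the firewall: state is CLIENT -> VIP.
    fw.accept_inbound(CLIENT, VIP)

    # 2. The load balancer rewrites the destination VIP -> REAL. With SNAT it
    #    also rewrites the source, so the server sees the load balancer as peer.
    peer_seen_by_server = SNAT_ADDR if snat_enabled else CLIENT

    # 3. The server answers whatever source address it saw.
    reply_src, reply_dst = REAL, peer_seen_by_server

    if reply_dst == SNAT_ADDR:
        # The reply lands on the load balancer, which undoes both translations
        # before the packet reaches the firewall.
        reply_src, reply_dst = VIP, CLIENT
        path = "server -> load balancer -> firewall"
    else:
        # The reply follows the server's default gateway and bypasses the load
        # balancer, so it still carries the real server address as source.
        path = "server -> default gw -> firewall"

    return path, reply_src, fw.permits_reply(reply_src, reply_dst)


if __name__ == "__main__":
    for enabled in (False, True):
        print("SNAT" if enabled else "no SNAT", walk(enabled))
```

Without SNAT the firewall sees a reply from the real server address for which it holds no session; with SNAT the reply arrives from the VIP and matches the tracked entry.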