ACE bridge mode , FWSM routed mode
i have the following senario:
MSFC ---vlan 777----FWSM----vlan160---ACE----VLAN180
FWSM is working in routed mode and vlan 777 is shared between the MSFC and FWSM
ACE is working in bridged mode and vlan 160 is shared between the FWSM and ACE
vlan 180 is the server side vlan
i want he FWSM ip address to be the Server gateway while ACE module in
bridge mode
i create bvi interface but i can't ping from ACE to FWSM or from FWSM to
ACE
if i change ACE to routed mode , i can ping to FWSM
any body can help me in this issue?
The config looks good.
I would look at the arp table on FWSM and ACE when the ping fails and also capture a sniffer trace of ACE tengig interface and see if the ping request goes out - on which vlan - and if we get a response.
Is evertyhing else working ?
Like ping through the ACE module ?
Your config does not show a 'no shutdown' on the vlan interface, but I assume you fixed that already.
Gilles.
Similar Messages
-
hello,
I want to understand the basic operation, difference and advantages of both Bridge Mode and Router mode?
i also want to know in which case i should go for Bridge mode and Router mode?
regards
DevangIt realy depends on your requirements.
Mainly bridge mode is used for multicast support, Multiple DMZs + FWSM, server initiated connections or for seemless migration from previously installed "bridged load balancing environment".
Some of the differences are
In bridge mode you do not need additional config for "Direct server access" / "Server Initiated connections"
Broadcasts are dropped in routed mode whereas they are bridged in bridge mode.
LB functionality is same in both modes.
Syed Iftekhar Ahmed -
Hi,
I have a Cisco FWSM installed on Cisco 7613 router,the topology is like mentioned below,
7613+{FWSM}------3560---------3560----[10.220.0.0/29,10.220.1.0/29,10.220.2.0/29]
Here we created a p2p link between 7613 gig port and switch3560 gig port (say 10.220.1.252/29) and then there ia a trunk between both 3560 switches ,We wish to run FWSM in router mode and configured vlan groups 10(101,102)and 20(200,201),assigned both these groups to firewall module on router on vlan 200 ip add 192.168.2.1/24 has been given, while on fwsm on int vl 200, 192.168.2.2 ip has been given,although the interfaces are up and pinging their individual ip ads they are not pinging each other(both ip ads appear in sh arp though.Kindly help in resolving this issue.
Also i configured inside vlan 201as inside its also up and visible in arp of router but not pinging others kindly help in the resolution of this issue.
We need to put this firewall in front of the router which has a serial line to another 7600 router,how would i take traffic to fwsm ,pls suggest what else do i need to do ,as i m new to FWSM .
router config:
Router#sh firewall module
Module Vlan-groups
04 1,2
Router#sh firewall vlan-group
Display vlan-groups created by both ACE module and FWSM
Group Created by vlans
1 ACE 100-101,200-202
2 <empty>
Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.225.62.145 - 001d.a156.9300 ARPA GigabitEthernet10/1
Internet 10.225.62.146 107 001d.a1a5.fbc1 ARPA GigabitEthernet10/1
Internet 192.168.2.1 - 001d.a156.9300 ARPA Vlan200
Internet 192.168.2.2 7 0007.0e5c.3d00 ARPA Vlan200
Internet 192.168.3.1 4 0007.0e5c.3d00 ARPA Vlan201
Internet 192.168.3.2 - 001d.a156.9300 ARPA Vlan201
Fwsm config:
hostname FWSM
interface Vlan200
nameif outside
security-level 0
ip address 192.168.2.2 255.255.255.0
interface Vlan201
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect smtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:4e3eadb1a489f3b696d0c6da8b1b20b9
: end
FWSM#
FWSM# sh arp
outside 192.168.2.1 001d.a156.9300
inside 192.168.3.2 001d.a156.9300
eobc 127.0.0.81 0000.1800.0000
FWSM# sh int
Interface Vlan200 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 0007.0e5c.3d00, MTU 1500
IP address 192.168.2.2, subnet mask 255.255.255.0
Traffic Statistics for "outside":
6 packets input, 658 bytes
12 packets output, 1316 bytes
474 packets dropped
Interface Vlan201 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 0007.0e5c.3d00, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
Traffic Statistics for "inside":
6 packets input, 658 bytes
7 packets output, 726 bytes
107 packets droppedhi,
thanks for being so helpful,there is a little issue thats arisen, i can not ping inside address configured on fwsm(192.168.3.1)where as i can ping 192.168.3.2 on router interface.i cannot telnet fwsm using its outside interface ip 192.168.2.2 either,hereis my FWSM config ,kindly suggest if there is any mistake .
thanks.
Also i tried to ping inside fwsm interface from my client 10.220.2.2 and enabled debug,to get these ,
FWSM# debug icmp trace 255
debug icmp trace enabled at level 255
FWSM# ICMP echo request (len 50 id 2 seq 34642) 10.220.2.2 > 192.168.2.2
ICMP echo reply (len 50 id 2 seq 34642) 192.168.2.2 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 34898) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 50 id 2 seq 34898) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 35154) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 35154) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 43602) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 43602) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 49746) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 49746) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 55634) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 55634) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 25683) 10.220.2.2 > 192.168.2.2
ICMP echo reply (len 50 id 2 seq 25683) 192.168.2.2 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 25939) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 50 id 2 seq 25939) 192.168.3.1 > 10.220.2.2
Kindly suggest what could be done.
thanks. -
Difference between bridge mode and routed mode on CSS
Hi,
Could some one tell me the difference between routed mode and bridge mode.
Regards
NehaHi,
routed mode:
The CSS acts as a router, it routes packets from the client to the server. The server has the ACE configured as default-gateway.
There is a client-side VLAN and a server-side VLAN. These VLANs have different subnets.
Bridged mode:
The CSS acts as a bridge, it switches frames from the client to the server. The server has the upstream router configured as default-gateway.
There is a client-side VLAN and a server-side VLAN. These VLANs have the same subnet, but different VLAN IDs. The ACE bridges the client traffic from the client-side VLAN to the server-side VLAN.
Bridged mode would be most used in case one cannot change the servers IP addresses, or if address space is an issue.
Hope this helps.
Kind regards,
Dario -
ACE One Arm Mode vs Routed Mode
Gents,
When is it required to use the One Arm Mode and one do I use the routed mode? Actually I am confused and would really like to know the pros and cons of each?
Regards,
HeshamHi Hesham,
When you do not want to change the physical topology of your network then you usually go with ONE ARM mode.
Such as default gateway on server, IP addressing on servers. In this case client can access the server directly as well.
Its a flat network topology where your VIP and servers are in the same network ( VLAN ).
You use routed mode when you want to segregate the servers in seperate vlan and don't want to allow client to access it directly.
Client and VIP in same VLAN >>> ACE >>>>>> Server VLAN ( In this case we usually point the default gateway to ACE)
hope it helps.
regards,
Ajay Kumar -
Sharing a VLAN between FWSM and ACE (Routed Mode)
Anybody in here with experience on sharing a Vlan between an ACE and a FWSM module?
I have a transfer network between the ACE and the FWSM in the same chassis. FWSM gets several vlans and ACE gets some Vlans.
I wanted to configure it like this.
firewall vlan group 10 <FWSM only vlans>
firewall vlan group 20 <shared FWSM and ACE vlan>
or
svclc vlan group 20 <shared FWSM and ACE vlan>
svclc vlan group 30 <ACE only vlans>
The design hides the client side network and the server side network for the ACE behind the FWSM module.
Layout:
|-- Clients <--> MSFC <--> FWSM <--> ACE <--> Server --|
So allocation on the 65xx would be like this.
firewall module n vlan-group 10,20
svclc module n vlan-group 20,30
Any obvious issues with this design if you share the vlan(s) referred in group 20 with both modules?
FWSM and ACE will be in routed mode.
Thanks for reading...
RobleNever mind...
Just found the perfect answer for this in a another posting from Syed.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=SNA%20Data%20Center%20Networking&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dddee0b/0#selected_message
Roble -
CSM route mode and bridge mode can exist at the same time?
I'm using CSM on ver 4.x,and I used to the bridge mode for firewall load balance,for a new requset,I have to create a new server/client vlan,but the original firewall load balance was effected when I issued the server vlan command,and I'd like to use route mode for the new server farm,I'm wondering that route mode and brige mode can't exist at the same time,because it seems it doesn't make sense.Any reply will be very appreciated.
you can use bridge mode and route mode at the same time.
Traffic with desintation mac address being the CSM will be routed, otherwise it will be bridged.
Gilles. -
Cuestion about CSM on bridge&router mode
Hello!!
Plese help me with this cuestion about CSM connection modes:
We have 2 Cat6500 with a CSM inside of each (CSM1 on Cat6500_1 and CSM2 on Cat6500-2)
The CSM1 is on bridge mode with Vlan31 for Client side and Vlan131 for Server side.
The CSM2 is on router mode with Vlan30 for Client side an Vlan2 for Server side.
We want to join both switches for redundancy purposes (switches and CSMs).
We want to merge the two Client Vlans (include the logical IP segments) on a /23 mask.
But the cuestions here are:
Can we keep the original config (bridge mode and router mode) on the CSM1 (for example)
considering this Module as active and CSM2 as standby?
Is there any consideration to take in count in order to configure this? (Some examples...)
Thanks in advance
Pedroyes, you can mix bridge more and router mode and so merge the 2 configs.
Gilles. -
CSS: Bridge Mode + Router mode
Hi,
I have a CSS with many interfaces, all of them bridging.
I need to include one routed interface. however, front end vlan is defined bridging, the new bac kend interface is to be routed with front end.
mix og bridge mod and route mode, will it work
mix of front end defined bridged, back end defined routed, will this work
Please advice
Regards
SSThis forum is dedicated for Cisco MARS (Security product) dicussion.
Please ask your CSS-related queries here:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee7814f
Regards
Farrukh -
Hi,
Can the ACE be configured in a mix of bridged mode and routed mode?
Can this be done within the same context, fe 4 VLANs, 2 in a BVI and 2 in a L3 fashion.
Can this be done between contexts, fe in 1 context we do bridged mode and in another context we do routed mode?
Thanks in advance.I can confirm that it works in multiple contexts. I have in fact configured one arm, bridge and routed modes in different contexts on same ACE and it worked.
Syed Iftekhar Ahmed -
Can VIP and Rservers be in the same subnet in ACE Routed Mode
Good Day,
Sorry for the lengthy post.
Currently I have a 6509s running in VSS mode with ACE30 in each chassis.
I have 5 vlans, which the VSS is the L3 interface for each. 1 Vlan is for management, the others are the data vlans for the servers.
The ACE is configured in bridge mode, with all VLANs going to a specific context (non Admin).
Some of the Host on each VLANs are not utilized for load-balancing. The default gateway for each VLAN is configured on the VSS.
I would like to setup the ACE in the routed mode, without having to change the IP address of each servers on different VLANs.
Basically I want to turn off the SVIs on VSS and move the L3 interface on the ACE Context, and let it perform the local routing for all the hosts.
I was going to add a new /30 L3 interface between the VSS and ACE to be utilized for default route traffic coming from the ACE Context, and static routes from VSS to ACE for traffic destined to host that are being load-balanced and not being load-balanced. Basically force the traffic through the load-balancer in/out.
For future deployment, I was planning on using different IP address for the VIPs, and Real servers (most likely RFC 1918).
From most of the examples I have seen the VIP and Rservers are in different Subnets. But because I am trying to not change the IP address of the rservers and VIP, I wanted to know if the VIP and Rservers can be configured to be in the same subnet where the ACE is in routed mode.
Unfortunately I don't have a spare ACE to test scenario.
As always any help would greatly be appreciated.
Regards,
RamanLink-local addresses are usually the self assigned IP address that a device will set when a DHCP server cannot be found. These are the addresses with 169.254.x.x subnet.
If the router is assigning IP addresses for your network, then they will usually have a different IP subnet, possibly 192.168.0 for D-Link. And this subnet would be for the wired and wireless connections. So it would be more a case of bridging the two network topolgies rather than routing them.
The network host is busy message could be more to do with the driver and the IP protocol selected when creating the queue than the connection being broken between the Mac and printer. If you were to open Network Utility and select the Ping tab, enter the IP address of the HP and set the pings to 4, pressing the Ping button will soon show if there is a path through the wireless to the printer.
If you get a response to the ping you could then open Safari and type the ip address as the URL. This would then connect to the internal web page of the printer and possibly let you enable an IP protocol like LPR so that you can use LPD on the Mac instead of Bonjour to connect to the printer.
As for the driver, you could look at using a Gutenprint driver instead of the HP driver or the hpijs package to get past the limitations that some printer drivers have with network connections. -
ACE Bridge-mode: How to do FT?
Dear All,
I've set up a test user context in Bridge mode on an ACE blade and now want to set up FT to a second blade. The manuals have confused me slightly and most of the examples I have seen relate to routed mode.
In my topology I have Router1 connected to Router2 which has the ACE blade. Router1 is also connected to Router3 which is in turn connected to Router4 which contains a second ACE blade.
Do I create an identical configuration for the context on the second blade and how to I define the FT vlan?
The current configuration and toplogy are attached. Any pointers would be much appreciated.
Thank you
CathyGilles,
The Admin Guide warns about the use of the force option (7-20) - and the command itself warns of possible network disruption.
Without the force option these are the states of the two blades:
ace1/Admin# sh ft gro 1 de
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 200
My Net Priority : 200
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
Last State Change time : Tue Sep 18 08:10:30 2007
No. of Contexts : 1
Context Name : Test
Context Id : 2
ace2/Admin# sh ft gro 1 de
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_STANDBY_HOT
My Config Priority : 100
My Net Priority : 100
My Preempt : Enabled
Peer State : FSM_FT_STATE_ACTIVE
Peer Config Priority : 200
Peer Net Priority : 200
Peer Preempt : Enabled
Peer Id : 1
Last State Change time : Tue Sep 18 08:10:29 2007
No. of Contexts : 1
Context Name : Test
Context Id : 1
switchover
ace1/Admin# sh ft gro 1 de
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_STANDBY_BULK
My Config Priority : 200
My Net Priority : 200
My Preempt : Disabled
Peer State : FSM_FT_STATE_ACTIVE
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
Last State Change time : Tue Sep 18 09:31:20 2007
No. of Contexts : 1
Context Name : Test
Context Id : 2
ace2/Admin# sh ft gro 1 de
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 100
My Net Priority : 100
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 200
Peer Net Priority : 200
Peer Preempt : Disabled
Peer Id : 1
Last State Change time : Tue Sep 18 09:31:33 2007
No. of Contexts : 1
Context Name : Test
Context Id : 1
I can ping my PC from the standby blade, but a traceroute to the VIP for the webservers still shows it going to the router housing the primary ACE blade even though the context on the standby blade is active.
Thanks
Cathy -
Does ACE-30 support multicast in routed mode?
We currently have ACE20's, which only support multicast in bridge mode.
Was wondering if it's the same on ACE30's, or if Cisco finally implemented support for mcast in routed mode.
thx
KevinCould you please confirm if this applies to both ACE20 & ACE30, or just ACE20?
If both, when does Cisco plan on supporting mcast in routed mode?
thx
Kevin -
My first question, can anyone recommend some very heavy reading discussing the ACE modules and associated traffic flows and order of operations? Not just how-to scenarios.
And the primary question that brings me here:
I've got an ACE module in a 6500 chassis that's configured for routed mode. For the purpose of this question we'll say that on the ACE I have a single VLAN for vIPs and a single VLAN for rservers. vIP VLAN is 12 and rserver VLAN is 101. I have a pair of App servers being load balanced, and a pair of Web servers being load balanced.
When user devices send traffic to the Web servers vIP, traffic hits the SVI for VLAN 12 and the service-policy is applied manipulating that traffic and sending it to the VLAN 101 SVI and on down to an rserver. The same if user devices are sending traffic to the App servers vIP.
When a Web server tries to send over to the App servers vIP, I get no response. In fact, from the Web server I can't even ping my gateway (SVI for VLAN 101). How do I get the Web server to send traffic loadbalanced across the App servers?
Here's an example ACE config:
access-list ALL line 8 extended permit ip any any
probe tcp 5555
port 5555
interval 5
passdetect interval 30
probe http HTTP
interval 5
passdetect interval 30
expect status 200 200
rserver host APP01
description App Server 1
ip address 10.10.101.15
probe 5555
inservice
rserver host APP02
description App Server 2
ip address 10.10.101.16
probe 5555
inservice
rserver host WEB01
description Web Server 1
ip address 10.10.101.17
probe HTTP
inservice
rserver host WEB02
description Web Server 2
ip address 10.10.101.18
probe HTTP
inservice
serverfarm host APP-SERVERS
predictor leastconns
rserver APP01
inservice
rserver APP02
inservice
serverfarm host WEB-SERVERS
predictor leastconns
rserver WEB01
inservice
rserver WEB02
inservice
sticky ip-netmask 255.255.255.255 address both WEB-STICKY
replicate sticky
serverfarm WEB-SERVERS
sticky ip-netmask 255.255.255.255 address both APP-STICKY
replicate sticky
serverfarm APP-SERVERS
class-map match-any APP-VIP
description App Servers VIP
2 match virtual-address 10.10.12.21 tcp eq 5555
class-map match-any WEB-VIP
description Web Servers VIP
2 match virtual-address 10.10.12.20 tcp eq https
3 match virtual-address 10.10.12.20 tcp eq www
policy-map type loadbalance first-match L7-APP-SERVERS
class class-default
sticky-serverfarm APP-STICKY
policy-map type loadbalance first-match L7-WEB-SERVERS
class class-default
sticky-serverfarm WEB-STICKY
policy-map multi-match L4-CONTEXT-A-VLAN
class WEB-VIP
loadbalance vip inservice
loadbalance policy L7-WEB-SERVERS
loadbalance vip icmp-reply
class APP-VIP
loadbalance vip inservice
loadbalance policy L7-APP-SERVERS
loadbalance vip icmp-reply
interface vlan 12
description ACE-CONTEXT-A-vIPs
ip address 10.10.12.5 255.255.252.0
alias 10.10.12.4 255.255.252.0
peer ip address 10.10.12.6 255.255.252.0
access-group input ALL
service-policy input MGMT-ACCESS
service-policy input L4-CONTEXT-A-VLAN
no shutdown
interface vlan 101
description ACE-CONTEXT-A-SERVERS
ip address 10.10.101.2 255.255.255.0
alias 10.10.101.1 255.255.255.0
peer ip address 10.10.101.3 255.255.255.0
access-group input ALL
no shutdownHi Adam,
You can check Gilles' DC t-shooting guides that should give you a very good overwiew about packet processing on the ACE; also you can check
the Cisco wiki site where you find the scenarios plus a detailed explanation for traffic management.
Now going back to your issue, you problem can be splitted in two parts.
1. Web server not able to ping VLAN 101 ACE's SVI.
ACE is a closed device, meaning that access to each Interface/VLAN needs to be explicitly configured; you need to apply the management policy
to the 101 SVI to allow ICMP or any other management protocol. You can apply the same (service-policy input MGMT-ACCESS) or create a new
one just for ICMP, that's up to you.
2. Web servers not able to communicate with APP servers thorugh VIP.(vise-versa)
Problem here is that servers are trying to communicate through SVI 101 but no VIPs are applied to it so the ACE will simply discard the packets
for 10.10.12.20/10.10.12.21 on that interface, servers have the ARP and everything to reach those VIPs but the ACE has not been instructed to do
load balancing for clients reaching it out through VLAN 101.
In order to do load balancing between APP & Web Servers you need to configure L4-CONTEXT-A-VLAN on SVI 101 as well.
Also since your servers are sitting all in the same VLAN you're going to need client NAT to prevent assymetric routing on server-to-server communications.
I've attached a sample with NAT based on your config.
HTH
Pablo -
Ace routing mode desging issue
need some assistance in configuring an application using routing mode on cisco ace
clients ---asa--3750--cisco ace--- servers behind vip
|
visa card transaction servers
i am able to setup a vip on ace using routing mode on ACE,as the servers need to see the client ip ,so we are not performing SNAT,this part is working fine
when a request comes from the client ,it goes to the vip and to one of the backend servers ,and the request will be forwaded back to the ace ,as the default gateway on the servers is pointing to the server vlan on ace.
but if the transaction from the servers need to go to the visa card transaction servers ,how can we acheive this ,and after fetching the data from visa servers,does the reply will be fwd to the ACE or ASAs directly
Or do we need to have static routes defined on the visa servers to point to ASA
please advise me on thisClint
No they are completely in a different network ,
When a client hits the VIP ,the request goes to the ASA
ASA fwd the vip traffic to the ACE (VIP) interface ,and from there it fwd the traffic to the (server vlan) interface and to the appropriate backend servers.
Backend server responds back to the (server vlan ) interface and the traffic fwd back to the ASA.
But when visa card transaction need to take place ( farm servers ) need to route the traffic to the visa servers which will be in different subnet range .
Do the farm serevrs send the request back to the ASA and can we configure static routes on ASA to point to the visa servers.
Are on the farm servers can we have static routes for the visa servers
Or can I defind static routes on ACEs for the visa servers.
Maybe you are looking for
-
Application Registration Question
I have an htmldb application which was successfully implemented using my old PC. I've just unpacked by new PC and now when I attempt to run my htmldb application I am getting the following error. Can anyone help me correct this? Thanks Error in porta
-
I am developing one module pool program where I have used custom control... when I am click on a clear button. it clears all the internal tables and fields and even that internal table also which is the source of the custom control. But the screen th
-
How to transfer a saved flash game's progress onto another computer using a flashdrive?
I downloaded a .swf file of a flash a game that I put into an html file and found that it saved data into the sharedobjects folder inside of the macromedia folder but I'm just wondering if theres a way to redirect where the flash game goes to load pl
-
How can I delete all emails at once from IPhone?
I want to be able to delete all of my emails at one time from my IPhone. I have to mail accounts: Yahoo and Gmail.
-
what is the difference between photoshop elements 13 and premiere elements 13 student version versus regular