How to test a cisco ACE loadbalancer.

Hello guys, I am new on this site. I have deployed a Cisco ACE 4710 loadbalancer, and it is loadbalancing 2 real servers. Is there any way or commands I can use to see if it is loadbalancing properly?

"show serverfarm" will show you the load-balanced connections to each real. Also try "show service-policy <> class-map <> detailed" and check client and server hits counts.
"show connection" also.

Similar Messages

  • Cisco ACE loadbalancing matching more than one header in L7 class map

    Dear All,
    This is regarding Cisco ACE loadbalancing matching more than one header in L7 class map. I have a small setup with ACE 30 module in Cisco6500. I have got three webservers. Presently I have following configuration where I am matching one url header.
    class-map type http loadbalance match-all L7_WEB_HEADER_MATCH
    description MATCH THE HOST HEADER OF HTTP REQUEST
    2 match http header Host header-value ".*abhisar.com*"
    So for above configuration, when traffic is coming for abhisar.com, it is working fine.
    Now, I have following headers and DNS entry is pointing to same virtual IP for all http url header same as abhisar.com
    abhisarindia.com
    indiaabhi.com
    So new configuration will be
    class-map type http loadbalance match-any L7_WEB_HEADER_MATCH
    description MATCH THE HOST HEADER OF HTTP REQUEST
    2 match http header Host header-value ".*abhisar.com*"
    4 match http header Host header-value ".*abhisarindia.com*"
    6 match http header Host header-value ".*indiaabhi.com*"
    So just want to confirm if this is fine.
    Thank You,
    Abhisar.

    Dear Rajesh,
    Thank you for reply. I will let you know once I carry out this activity.
    Thank You,
    Abhisar.
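
An added example, not part of the original post, that runs the three header-value patterns from the class-map above against constructed Host values to show what they accept. It assumes `.` and `*` keep their usual regex meaning on the ACE; the `anchored` switch, the sample hosts and the stricter Python-syntax patterns are assumptions made for the illustration.

```python
import re

# Patterns copied from the match-any class-map in the post above.
PAGE_PATTERNS = [
    ".*abhisar.com*",
    ".*abhisarindia.com*",
    ".*indiaabhi.com*",
]

# Hypothetical stricter equivalents, written in Python regex syntax:
# dots escaped, no trailing "m*", and the name must be the whole host
# or be preceded by a label boundary.
STRICT_PATTERNS = [
    r"(.*\.)?abhisar\.com",
    r"(.*\.)?abhisarindia\.com",
    r"(.*\.)?indiaabhi\.com",
]

# Constructed Host header values, not taken from any real traffic.
SAMPLE_HOSTS = [
    "abhisar.com",
    "www.abhisarindia.com",
    "indiaabhi.com:8080",
    "notabhisar.com",
    "abhisarxcom",
    "abhisar.co",
    "abhisar.com.example.net",
    "unrelated.example",
]


def normalise(host):
    """Lower-case the value and drop an optional :port and trailing dot."""
    host = re.sub(r":\d+$", "", host.strip().lower())
    return host.rstrip(".")


def page_match(host, anchored=True):
    """match-any over the page's patterns.

    anchored=True assumes the pattern must cover the whole header value;
    anchored=False assumes a substring match is enough.
    """
    fn = re.fullmatch if anchored else re.search
    return any(fn(p, normalise(host)) for p in PAGE_PATTERNS)


def strict_match(host):
    """match-any over the stricter patterns, always whole-value."""
    return any(re.fullmatch(p, normalise(host)) for p in STRICT_PATTERNS)


def overmatches(hosts, anchored=True):
    """Hosts the page's patterns accept but the stricter ones reject."""
    return [h for h in hosts
            if page_match(h, anchored) and not strict_match(h)]


if __name__ == "__main__":
    for mode in (True, False):
        print("anchored" if mode else "substring", overmatches(SAMPLE_HOSTS, mode))
```

The three intended names match under both patterns; the extra matches come from the unescaped dot, the trailing `m*` and the leading `.*` with no label boundary.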

  • Standby cisco ACE loadbalancer issues (network connectivity)

    Hi ALL,
    We are having issues with the secondary (standby) load balancer ACE module on a 6500 switch. We see that the load balancer is not able to get onto the network which leads to problem with fault tolerance as well. Following is the ft status found on the load balancer for one of the contexts (this is the same pattern seen on all the contexts).
    switch/Admin# sh ft group status
    FT Group                     : 1
    Configured Status            : in-service
    Maintenance mode             : MAINT_MODE_OFF
    My State                     : FSM_FT_STATE_ACTIVE
    Peer State                   : FSM_FT_STATE_UNKNOWN
    Peer Id                      : 1
    No. of Contexts              : 1
    Sh arp on all the contexts shows the gateway/rserver to be unreachable. Please find the screenshot below for one of the contexts (the same pattern is seen on the LB for all other contexts)
    switch/1_Context# sh arp
    Context CSD_Context
    ================================================================================
    IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
    ================================================================================
    172.21.128.97   00.00.00.00.00.00  vlan942   GATEWAY    -                   dn
    172.21.128.103  00.0b.fc.fe.1b.09  vlan942   ALIAS      LOCAL     _         up
    172.21.128.105  00.12.43.dc.93.23  vlan942   INTERFACE  LOCAL     _         up
    7.0.0.4         00.0b.fc.fe.1b.09  vlan943   NAT        LOCAL     _         up
    - 7.0.0.6
    172.21.147.196  00.0b.fc.fe.1b.09  vlan943   ALIAS      LOCAL     _         up
    172.21.147.198  00.12.43.dc.93.24  vlan943   INTERFACE  LOCAL     _         up
    172.21.147.200  00.00.00.00.00.00  vlan943   RSERVER    -       * 3 req     dn
    172.21.147.202  00.00.00.00.00.00  vlan943   RSERVER    -       * 2 req     dn
    172.21.147.204  00.00.00.00.00.00  vlan943   RSERVER    -                   dn
    172.21.147.206  00.00.00.00.00.00  vlan943   RSERVER    -                   dn
    172.21.147.208  00.00.00.00.00.00  vlan943   RSERVER    -       * 3 req     dn
    172.21.147.210  00.00.00.00.00.00  vlan943   RSERVER    -       * 2 req     dn
    172.21.147.212  00.00.00.00.00.00  vlan943   RSERVER    -       * 1 req     dn
    172.21.147.214  00.00.00.00.00.00  vlan943   RSERVER    -       * 1 req     dn
    172.21.147.216  00.00.00.00.00.00  vlan943   RSERVER    -       * 3 req     dn
    7.0.0.1         00.0b.fc.fe.1b.09  vlan943   NAT        LOCAL     _         up
    - 7.0.0.3
    The problem is that we see the problem only on the secondary loadbalancer. Primary is just running fine.
    Also I can see some traffic denial in admin context for resource usage
    switch/Admin# sh resource usage
                                                         Allocation
            Resource         Current       Peak        Min        Max       Denied
    Context: Admin
      conc-connections              9          9     160000    6560000          0
      mgmt-connections              0         46       2000      82000          0
      proxy-connections             0          4      20972     859830          0
      xlates                        0          0      20972     859830          0
      bandwidth                     0   17715713   10000000  535000000    5799749
        throughput                  0   17710993   10000000  410000000    5799749
        mgmt-traffic rate           0       4720          0  125000000          0
      connection rate               0         43      20000     820000          0
      ssl-connections rate          0          0        100       4100          0
      mac-miss rate                 0          1         40       1640          0
      inspect-conn rate             0          0        120       4920          0
      acl-memory                56336      56336    1570072   64460552          6
      sticky                        0          0      83886          0          0
      regexp                        0          0      20972     859832          0
      syslog buffer             82944      82944      82944    3447808          0
      syslog rate                   0         44       2000      82000         25
    Context: INTEGRATION_Context
      conc-connections              0       3934     160000          0          0
      mgmt-connections              0         98       2000          0          0
      proxy-connections             0         33      20972          0          0
      xlates                        0          0      20972          0          0
      bandwidth                     0   10019910   10000000  125000000      40857
        throughput                  0   10000000   10000000          0      40857
        mgmt-traffic rate           0      19910          0  125000000          0
      connection rate               0         49      20000          0          0
      ssl-connections rate          0          0        100          0          0
      mac-miss rate                 0         32         40          0          0
      inspect-conn rate             0         58        120          0          0
      acl-memory                11920      11920    1570072          0          0
      sticky                        0          1      83886          0          0
      regexp                        0          0      20972          0          0
      syslog buffer                 0      82944      82944    3447808          0
      syslog rate                   0        312       2000          0          0
    these above 2 contexts are the only one which has bandwidth resource usage exceeding the limit. but i somehow am not sure if this is the issue. as there is just no traffic on the secondary .. then how can the bandwidth reach the threshold? can anyone throw some light on the below issue?
    thanks and regards
    kiran

    vlan on Standby_ACE switch
    svclc multiple-vlan-interfaces
    svclc module 1 vlan-group 1,4,12,13,
    svclc vlan-group 1  968
    svclc vlan-group 12  132
    svclc vlan-group 13  367-372,374,375,379,380,538,805,807,808,818,913,915
    svclc vlan-group 13  917-920,922-924,933,934,937,938,942-949,972,976-979,983
    svclc vlan-group 13  984
    ip subnet-zero
    no ip source-route
    vlans on standby ACE
    switch/Admin# sh vlans
    Vlans configured on SUP for this module
    vlan132  vlan360  vlan367-375  vlan379-380  vlan538  vlan805  vlan807-808  vlan818  vlan913  vlan915
    vlan917-920  vlan922-924  vlan930  vlan933-934  vlan937-938  vlan942-949  vlan968  vlan971-972
    vlan976-979  vlan983-984
    switch/Admin#
    Active_LB_host_switch is the switch hosting the active ACE that's connected on ten7/4 and 8/4 which is bundled and made into
    port-channel (po72)
    CDP neighbor hosting the active ACE
    Active_LB_host_switch
                     Ten 7/4           148          R S I     WS-C6513  Ten 7/4
    Active_LB_host_switch
                     Ten 8/4           156          R S I     WS-C6513  Ten 8/4
    Po72 allows all the vlans which is the configured for ACE modules.
    Port                Vlans allowed on trunk
    Po72                132,140,181,359-383,538,668,702,805-808,815-816,818-820,836,907,909-920,922-925,
                929-935,937-949,967-973,976-984,987,3212
    vlan 968 is the FT vlan and the same has been allowed on the trunk port.
    Everything looks good to me but still not sure why the ACE module isn't coming to the network. It was working fine
    a few months back but all of a sudden it lost the network connectivity. I am not even able to ping the physical ip of the
    ACE module.
    thanks and regards
    kiran
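
An added example, not part of the original post, that parses `sh resource usage` output and lists every resource with a non-zero Denied counter, per context. The sample rows are a subset copied from the output above; the function names and the rule that indented rows (throughput, mgmt-traffic rate) are components of the row above them are assumptions of this sketch.

```python
import re
from collections import namedtuple

Row = namedtuple("Row", "context resource parent current peak min max denied")

# A data row is a (possibly multi-word) resource name followed by five integers.
ROW_RE = re.compile(
    r"^(?P<indent>\s*)(?P<name>\S.*?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

# Subset of the rows shown in the post above.
SAMPLE = """\
                                                     Allocation
        Resource         Current       Peak        Min        Max       Denied
Context: Admin
  conc-connections              9          9     160000    6560000          0
  bandwidth                     0   17715713   10000000  535000000    5799749
    throughput                  0   17710993   10000000  410000000    5799749
    mgmt-traffic rate           0       4720          0  125000000          0
  connection rate               0         43      20000     820000          0
  acl-memory                56336      56336    1570072   64460552          6
  syslog rate                   0         44       2000      82000         25
Context: INTEGRATION_Context
  conc-connections              0       3934     160000          0          0
  bandwidth                     0   10019910   10000000  125000000      40857
    throughput                  0   10000000   10000000          0      40857
    mgmt-traffic rate           0      19910          0  125000000          0
  syslog rate                   0        312       2000          0          0
"""


def parse_resource_usage(text):
    """Return one Row per resource line, tagged with its context and parent."""
    rows, context, base, parent = [], None, None, None
    for line in text.splitlines():
        ctx = re.match(r"\s*Context:\s*(\S+)", line)
        if ctx:
            context, base, parent = ctx.group(1), None, None
            continue
        m = ROW_RE.match(line)
        if not m or context is None:
            continue  # header, ruler or anything that is not a data row
        indent = len(m.group("indent"))
        if base is None:
            base = indent  # indentation of top-level rows in this context
        if indent <= base:
            parent, owner = m.group("name"), None
        else:
            owner = parent  # deeper indentation: component of the row above
        nums = [int(n) for n in m.group(3, 4, 5, 6, 7)]
        rows.append(Row(context, m.group("name"), owner, *nums))
    return rows


def denied_top_level(rows):
    """Top-level resources with denials; components are left out so a
    throughput denial is not counted again under bandwidth."""
    return [(r.context, r.resource, r.denied)
            for r in rows if r.denied and r.parent is None]


def breakdown(rows, context, resource):
    """Which component rows account for the denials of one resource."""
    return [(r.resource, r.denied) for r in rows
            if r.context == context and r.parent == resource and r.denied]


if __name__ == "__main__":
    parsed = parse_resource_usage(SAMPLE)
    for ctx, res, denied in denied_top_level(parsed):
        print(ctx, res, denied, breakdown(parsed, ctx, res))
```

On the posted output this also surfaces the acl-memory and syslog rate denials in the Admin context, which are easy to miss next to the bandwidth figures.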

  • Monitoring the Cisco ACE module with SNMP

    We use 2 redundant Cisco ACE loadbalancer in our datacenter
    The models are ACE20-MOD-K9 with software A2(2.0)
    Does anybody know how to monitor the environment (cpu, memory) of such a module with snmp?
    We were not able to find an applicable MIB for that module.
    The CISCO-PROCESS-MIB.oid (ftp://ftp.cisco.com/pub/mibs/oid/CISCO-PROCESS-MIB.oid) seems not to reflect the correct oid's.
    What are the correct oid's for cpu and memory?
    Where can I find a detailed documentation for snmp-monitoring the cisco ace module?
    thanks

    Hi Patrik,
    to monitor the ACE I use these two MIB's:
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
    Example for CPU:
    cpmCPUTotalEntry 1.3.6.1.4.1.9.9.109.1.1.1.1
    The resource usage and other interesting things you will find with a MIB browser.
    Achim

  • How can ftp service on non-standard port be load balanced using Cisco ACE.

    How can ftp service on non-standard port be load balanced using Cisco ACE? For example ftp service required on tcp 2000 port

    Hi Samarjit,
    you can do this by specifying the port number in the class map that you create. Please find the below mentioned config guide where you can specify the tcp/udp port, range or ports or even the wild card to match the port.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
    Regards
    Abijith

  • How to buy Cisco (ACE-UPG2-LIC=) 8Gbit to 16Gbit?

    The Cisco (ACE-UPG2-LIC=) product is an upgrade from 8Gbit to 16Gbit throughput. How does a customer get this license? It is for the Cisco ACE 20 or ACE 30 Modules, which I believe are End of Sale, but still supported.
    Any help would be appreciated..
    Thanks,
    RO

    You cannot buy the license. Neither Cisco nor any authorized reseller will sell it as the product is no longer for sale (as of 24 January 2014). Reference.
    You need to either make do with the ACE you have or migrate to a different ADC platform (like the Citrix Netscaler, F5 BigIP, A10 Networks appliances, etc.).

  • QoS Cisco SCE8000, Caching Cisco IronPort WSA, Loadbalancing Cisco ACE solution

    Hi all,
    Our customer is a mobile operator. They need an integrated solution for caching, QoS and Loadbalancing in a combination. From my understanding of their goals, they need to providing stable and speedy broadband access as well as good user experience by the differentiation service offering. They need to classify IP traffic and prioritize and control of content-based services for a given subscriber while transparently and dynamically redirect and load balance the application level classified of IP traffic to a proxy caching server regardless of protocols such as http, https, ssl, ftp, flv, mms and rstp, sip, p2p....
    Attached pls find the RFP and technical specification for Caching and QoS.
    I appreciate your expertise to consult me whether I can propose for them the Cisco ACE standalone appliance or ACE engine module for 7600/6500 for loadbalancing, Cisco IronPort WSA for caching and dual Cisco SCE8000 for QoS as an integrated solution. Is this solution feasible/workable and where could I find the same reference or solution design or technical guidance on this?
    Thanks a lot and would like to hear from you at the soonest!
    Best regards,

  • How Cisco ACE open connections to rservers?

    Hi
    How Cisco ACE decides that a new connection must be open to an rserver? I observed a spike of connections to 10x normal and want to understand what makes ACE open more connections to the rservers (besides more traffic coming in).
    As a follow up, is there a way I can check if sessions are getting replicated across rservers? I am using 'persistence rebalance' strict along with ‘cookie-insert’ for session stickiness.
    I am on a ACE20-MOD-K9 using system A2 (3.5)
    Regards,
    Manuel

    I do not know the answer to the connection question but I may be able to help on the session question.
    Now, if you are referring to session replication between two ACE modules?  If so, you can do 'sho sticky database detail' and you will see two lines at the bottom of each entry for
    created-from-HA-peer:        FALSE
    HA-replicated-at-least-once: TRUE
    Now if you are wanting to see if sticky sessions are divided evenly between the rservers, I often use
    sh sticky database group | inc | count
    and then run that for both real servers and will show how many sticky entries are on each real server. 

  • How to monitor memory on Cisco ACE Appliance 4710?

    I'm trying to monitor the memory usage in balancers Cisco ACE Appliance 4710 with version A3 (2.2), but the OIDs cpmCPUMemoryUsed (.1.3.6.1.4.1.9.9.109.1.1.1.1.12) and cpmCPUMemoryFree (.1.3.6.1.4.1.9.9.109.1.1.1.1.13) do not work.
    What is the right OID to monitor memory usage in balancers Cisco ACE 4710 Appliance?

    HI,
    You need to use  CISCO-ENHANCED-SLB-MIB .
    cpmProcExtMemAllocatedRev .1.3.6.1.4.1.9.9.109.1.2.3.1.1 (this gives the memory allocated to each process)
    You can also read up on the mib
    Hope this helps
    Venky

  • Cisco ACE Module with Bluecoat Cache Proxy, Transparent and spoofing client IP

    Hello Dears,
    I'm trying to implement Cache loadbalancing through Cisco ACE Module.
    I have 2 Bluecoat cache proxies, when i do configure transparent proxy without spoofing client IP, everything work properly, but when I enable spoofing client IP (reflect client IP address), clients are not able to access internet, although they are going to cache servers, I can see their sessions.
    I'm afraid that I have a problem in the returned traffic PBR.
    can anyone help please.
    Thanks

    Hi Ibrahim
    I have reviewed the config. The ACE config is all good but I do see some issue with the switch side. If you are doing ip spoofing, then "match ip address" in pbr should be the client ip address. However, what you did is ip address between the ACE and MSFC. Try to configure the test client ip address into the below access-list.
    msfc---vlan 265---ACE--vlan 264----CE farm
    interface vlan 265
      description Interface_With_MSFC_SUBS_2_INTERNET
      ip address 168.168.1.52 255.255.255.248
      access-group input PERMIT_ALL
      service-policy input L3L4_PM
      no shutdown
    ip route 0.0.0.0 0.0.0.0 168.168.1.50
    ip access-list extended HSDPA_2_CACHE
    permit tcp 168.168.0.0 0.0.255.255 any eq www   <<<-- wrong
    ip access-list extended Internet_2_CACHE
    permit tcp any eq www 168.168.0.0 0.0.255.255   <<<---wrong
    interface Vlan 265
    description Interface_With_ACE
    ip address 168.168.1.50 255.255.255.248
    route-map INTERNET_2_HSDPA permit 10
    description "PBR for Response HTTP Traffic"
    match ip address Internet_2_CACHE
    set ip next-hop 168.168.1.52
    route-map HSDPA_2_INTERNET permit 10
    match ip address HSDPA_2_CACHE
    set ip next-hop 168.168.1.52
    regards
    Andrew

  • T3 Oracle´s proprietary tunneling protocol and Cisco ACE

    Does anybody know if it is possible to load balance the T3 Oracle´s proprietary tunneling protocol supported by Oracle Weblogic with Cisco ACE?
    TIA,
    Claudio Uemura

    HI Claudio,
    I don't know much about T3 protocol, in short you can load balance almost anything really, the issue becomes to how granular and if you can do any intelligent inspection besides source and dest ip and if there are multiple different connections on different ports. These last points sort of decide whether it's worth it.
    - If you find the specifics about the connection (port, type of protocol and type of connection (long-lived or short lived)) you should be able to setup a basic rule to test. A sniffer trace will give you the most information if oracle website does not explain T3 in detail.
    - From a quick search there also looks to be a method to encapsulate T3 inside a http packet on weblogic servers, if this were the case then you could do some deep packet inspection with regex etc to get more granular load balancing
    http://forums.oracle.com/forums/thread.jspa?threadID=706909
    I would think it's definitely worth looking at both options
    cheers,
    Chris

  • Need help to Configure Cisco ACE 4710 Cluster Deployment

    Dear Experts,
    I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finally found this guide.
    http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
    This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
    This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
    My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should have two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side, which means basically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what should I need to do for the best. Please this is an urgent, so need your help quickly.
    Thanks....!
    -Amal-

    Dear Kanwal,
    I need quick help for you. Following are the Application LB requirements which I received from my client side.
    Following detail required for configuring Oracle EBS Apps tier on HA:
    LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
    Suggested IP and Name for LBR:
    IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
    ebiz.xxxx.lk [on port 80 for http protocol accessibility]
    This LBR IP & name must be resolve and respond on DNS network
    Server Farm detail for LBR Setup
    Following detail will be use for configuring the LBR:
    LBR IP and Name :
    IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
    ebiz.xxxx.lk [on port 80 for http protocol accessibility]
    This LBR IP & name must be resolve and respond on DNS network
    Server Farm Detail for LBR setup:
    Server 1 (EBS App1 Node, ap1ebs):
    IP : 172.25.45.19
    Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
    Protocol: http
    Port: 8000
    Server 2 (EBS App2 Node, ap2ebs):
    IP : 172.25.45.20
    Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
    Protocol: http
    Port: 8000
    Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
    Following are my latest config :
    probe http Get-Method
      description Check to url access /OA_HTML/OAInfo.jsp
      interval 10
      faildetect 2
      passdetect interval 30
      request method get url /OA_HTML/OAInfo.jsp
      expect status 200 200
    probe udp http-8000-iRDMI
      description IRDMI (HTTP - 8000)
      port 8000
    probe http http-probe
      description HTTP Probes
      interval 10
      faildetect 2
      passdetect interval 30
      passdetect count 2
      request method get url /index.html
      expect status 200 200
    probe https https-probe
      description HTTPS traffic
      interval 10
      faildetect 2
      passdetect interval 30
      passdetect count 2
      ssl version all
      request method get url /index.html
    probe icmp icmp-probe
      description ICMP PROBE FOR TO CHECK ICMP SERVICE
    rserver host ebsapp1
      description ebsapp1.xxxx.lk
      ip address 172.25.45.19
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      probe http-probe
      inservice
    rserver host ebsapp2
      description ebsapp2.xxxx.lk
      ip address 172.25.45.20
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      probe http-probe
      inservice
    serverfarm host ebsppsvrfarm
      description ebsapp server farm
      failaction purge
      predictor response app-req-to-resp samples 4
      probe http-probe
      probe icmp-probe
      inband-health check log 5 reset 500
      retcode 404 404 check log 1 reset 3
      rserver ebsapp1 80
        conn-limit max 4000000 min 4000000
        probe icmp-probe
        inservice
      rserver ebsapp2 80
        conn-limit max 4000000 min 4000000
        probe icmp-probe
        inservice
    sticky http-cookie jsessionid HTTP-COOKIE
      cookie insert browser-expire
      replicate sticky
      serverfarm ebsppsvrfarm
    class-map type http loadbalance match-any default-compression-exclusion-mime-type
      description DM generated classmap for default LB compression exclusion mime types.
      2 match http url .*gif
      3 match http url .*css
      4 match http url .*js
      5 match http url .*class
      6 match http url .*jar
      7 match http url .*cab
      8 match http url .*txt
      9 match http url .*ps
      10 match http url .*vbs
      11 match http url .*xsl
      12 match http url .*xml
      13 match http url .*pdf
      14 match http url .*swf
      15 match http url .*jpg
      16 match http url .*jpeg
      17 match http url .*jpe
      18 match http url .*png
    class-map match-all ebsapp-vip
      2 match virtual-address 172.25.45.21 tcp eq www
    class-map type management match-any remote_access
      2 match protocol xml-https any
      3 match protocol icmp any
      4 match protocol telnet any
      5 match protocol ssh any
      6 match protocol http any
      7 match protocol https any
      8 match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    policy-map type loadbalance first-match ebsapp-vip-l7slb
      class default-compression-exclusion-mime-type
        serverfarm ebsppsvrfarm
      class class-default
        compress default-method deflate
        sticky-serverfarm HTTP-COOKIE
    policy-map multi-match int455
      class ebsapp-vip
        loadbalance vip inservice
        loadbalance policy ebsapp-vip-l7slb
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 455
    interface vlan 455
      ip address 172.25.45.36 255.255.255.0
      peer ip address 172.25.45.35 255.255.255.0
      access-group input ALL
      nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
      service-policy input remote_mgmt_allow_policy
      service-policy input int455
      no shutdown
    ft interface vlan 999
      ip address 10.1.1.1 255.255.255.0
      peer ip address 10.1.1.2 255.255.255.0
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 10
      ft-interface vlan 999
    ft group 1
      peer 1
      no preempt
      priority 110
      associate-context Admin
      inservice
    ip route 0.0.0.0 0.0.0.0 172.25.45.1
    Hope you will reply me soon
    Thanks....!
    -Amal-
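
An added example, not part of the original post, that audits the management-access part of the configuration above: it follows each interface's `service-policy input` to the management policy-map and class-map and reports clear-text management protocols that are permitted, with their source. `PAGE_CONFIG` is copied from the post; `RESTRICTED_CONFIG`, its 192.0.2.0/24 management subnet and the function names are constructed for the comparison.

```python
import re

# Management protocols that travel unencrypted. SNMP is listed because
# v1/v2c community strings are sent in clear text.
CLEARTEXT = {"telnet", "http", "snmp"}

# Stanzas copied from the configuration posted above.
PAGE_CONFIG = """\
class-map match-all ebsapp-vip
  2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 455
  ip address 172.25.45.36 255.255.255.0
  service-policy input remote_mgmt_allow_policy
  service-policy input int455
  no shutdown
"""

# Constructed variant: encrypted protocols only, from an assumed management subnet.
RESTRICTED_CONFIG = """\
class-map type management match-any remote_access
  2 match protocol ssh source-address 192.0.2.0 255.255.255.0
  3 match protocol https source-address 192.0.2.0 255.255.255.0
  4 match protocol icmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 455
  service-policy input remote_mgmt_allow_policy
"""


def parse_management(config):
    """Collect management class-maps, management policy-maps and the
    service policies applied to each interface."""
    classes, policies, applied = {}, {}, {}
    section = name = pending = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a new top-level stanza starts here
            pending = None
            m = re.match(r"(class-map|policy-map) type management \S+ (\S+)$", line)
            i = re.match(r"interface (vlan \d+)$", line)
            if m:
                section, name = m.group(1), m.group(2)
                (classes if section == "class-map" else policies).setdefault(name, [])
            elif i:
                section, name = "interface", i.group(1)
                applied.setdefault(name, [])
            else:
                section = name = None  # stanza type not relevant to this audit
            continue
        if section == "class-map":
            m = re.match(r"(?:\d+\s+)?match protocol (\S+) "
                         r"(any|source-address \S+ \S+)$", line)
            if m:
                classes[name].append((m.group(1), m.group(2)))
        elif section == "policy-map":
            if line.startswith("class "):
                pending = line.split()[1]
            elif line == "permit" and pending:
                policies[name].append(pending)
        elif section == "interface":
            m = re.match(r"service-policy input (\S+)$", line)
            if m:
                applied[name].append(m.group(1))
    return classes, policies, applied


def audit_management(config):
    """Return (interface, protocol, source) for each permitted clear-text protocol."""
    classes, policies, applied = parse_management(config)
    findings = []
    for intf, names in applied.items():
        for policy in names:  # non-management policies are absent from `policies`
            for cls in policies.get(policy, []):
                for proto, source in classes.get(cls, []):
                    if proto in CLEARTEXT:
                        findings.append((intf, proto, source))
    return findings
```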

  • Urgent!!! Cisco ACE and asymmetric routing assistance needed

    I am wondering if someone can give me pointers on the cisco ACE
    and asymmetric routes. I've attached the diagram:
    -Cisco IOS IP address is 192.168.15.4/24 and 4.1.1.4/24
    -Firewall External interface is 192.168.15.1/24,
    -Firewall Internal interface is 192.168.192.1/24,
    -F5_BigIP External interface is 192.168.192.4/24,
    -F5_BigIP Internal interface is 192.168.196.1/24 and 192.168.197.1/24,
    -host_y has IP addresses of 192.168.196.10/24 and 192.168.197.10/24,
    -Checkpoint has static route for 192.168.196.0/24 and 192.168.197.0/24
    pointing to the F5_BigIP,
    -host_y is dual-home to both VLAN_A and VLAN_B with the default
    gateway on host_y pointing to VLAN_A which is 192.168.196.1,
    -host_x CAN ssh/telnet/http/https to both of host_y IP addresses
    of 192.168.196.10 and 192.168.197.10.
    In other words, from host_x, when I try to connect to host_y
    via IP address of 192.168.197.10, the traffics will go through VLAN_B
    but the return traffics will go through VLAN_A. Everything
    is working perfectly for me so far.
    Now customer just replaces the F5_BigIP with Cisco ACE. Now,
    I could not get it to work with asymmetric route with Cisco ACE. In
    other words, from host_x, I can no longer ssh or telnet to host_y
    via IP address of 192.168.197.10.
    Anyone knows how to get asymmetric route to work on Cisco ACE?
    Thanks in advance.

    That won't work because ACE uses the vlan id to distinguish between flows.
    So when the response comes back on a different vlan, ACE can't find the flow it belongs to and it drops it.
    Even if we could force it to accept the packet, ACE would then try to create a new flow for this packet and it will collide with the flow already existing on the frontend.
    You would need to force your host to respond on the same vlan the traffic came in.
    This could be done with client nat on ACE using different nat pool.
    Gilles.

  • How do I get Cisco Connect back?

    I bought the Linksys E2000, and after I installed it Cisco Connect was installed too. Someone in my household uninstalled Cisco Connect so now my Linksys gaming adapter won't work so my laptop and PS3 can't go on the internet. How do I get Cisco Connect back?

    I gave up on Cisco Connect the same way I did the stock E300 firmware, so it's now moot to me. The one thing I found with the Connect software was that if you make a change to the router setup from the web interface, Connect is likely to not work anymore.
    I was able to get it back a couple of times by changing the XML config file on *all* the machines. Most of the connect testing period, I wound up doing a 30-30-30 reset on the router and reconfiguring from scratch. No more, since I went to TomatoUSB.
    FBIG a.k.a. BezantSoft

  • Cisco ACE compatiblity with F5 GTM

    Hi,
    We have cisco ace 30 modules installed in cisco 6500 switches. For application availability purpose from the internet, we need to have some global site selector/3rd party devices with similar feature set that of cisco gss.
    My question is: whether cisco ace is compatible to get integrated with other 3rd party devices like F5 GTM?
    kindly suggest..

    Good afternoon,
    I'm not familiar with the GTM solution, but, as long as it's DNS-based like the GSS, it should be perfectly compatible. Bear in mind that the ACE is not aware on how clients are getting the IP address, it just replies to whatever connections it gets.
    Regards
    Daniel
