https://community.cisco.com/t5/application-networking/css11503-config-problems/m-p/273752#M4095 <HTML><HEAD></HEAD><BODY><P>Jon, a quick suggestion : post your config and network diagram so we can better understand what you are doing.</P><P>Then, explain us exactly the problem. </P><P>This is not clear to me.</P><P>You first ask if there is a better way to achive this - with the limitation that You have I don't think so.</P><P>Unless you are ready to change the ip addressing scheme, which I would suggest you to do.</P><P>Then you mention some problems with HTTPS traffic, but nowhere else in your explanation did you talk about https.</P><P></P><P>So, send us config and diagram and an explanation of the problem - one at a time - so start with the most important first.</P><P></P><P>Gilles.</P></BODY></HTML> Wed, 23 Jun 2004 08:58:24 GMT Gilles Dufour 2004-06-23T08:58:24Z https://community.cisco.com/t5/application-networking/css11503-config-problems/m-p/273751#M4094 <P>Hello all </P><P></P><P>I am new to the 11503 switches and would appreciate some help with the config. We are replacing our LD417G's with these switches and because of our current DMZ setup &amp; ip addressing i cannot setup the 11503's in router mode. What i have done is: </P><P></P><P>1) Create 2 vlan's (10 &amp; 11) using the same ip subnet</P><P>2) On the 11503 i have only one circuit for vlan 1.</P><P>3) I have connected the reverse proxies to vlan 11 and one of the 11503 interfaces.</P><P>4) on vlan 10 is the default gateway ( a pix dmz interface ), none loadbalanced servers and another interface from the 11503. </P><P>5) All servers ( loadbalanced and non-loadbalanced have their default gateway set as the pix dmz interface ). </P><P></P><P>Consequently all client traffic to the reverse proxies go through the 11503. Only real problem is when the reverse proxies talk to their server counterparts (as oppose to the clients ) they have to through the 11503. We tested it by checking the proxy logs and it does seem to be load balancing the client requests ( altho "sh flows" doesn't seem to show much ). </P><P></P><P>My questions:- </P><P></P><P>1) Is there a better way of trying to achieve this. I am unfortunatley limited to one ip subnet for the loadbalancer, the reverse proxies and the non-loadbalanced servers. </P><P></P><P>2) Would this setup be affecting the operation of the SSL module. I packet sniffed the https connection and saw a full tcp handshake, packets being sent from the client but no responses from the 11503. </P><P></P><P>Any help / advice would be very much appreciated</P><P></P><P></P> Tue, 22 Jun 2004 17:44:28 GMT https://community.cisco.com/t5/application-networking/css11503-config-problems/m-p/273751#M4094 Jon Marshall 2004-06-22T17:44:28Z https://community.cisco.com/t5/application-networking/css11503-config-problems/m-p/273752#M4095 <HTML><HEAD></HEAD><BODY><P>Jon, a quick suggestion : post your config and network diagram so we can better understand what you are doing.</P><P>Then, explain us exactly the problem. </P><P>This is not clear to me.</P><P>You first ask if there is a better way to achive this - with the limitation that You have I don't think so.</P><P>Unless you are ready to change the ip addressing scheme, which I would suggest you to do.</P><P>Then you mention some problems with HTTPS traffic, but nowhere else in your explanation did you talk about https.</P><P></P><P>So, send us config and diagram and an explanation of the problem - one at a time - so start with the most important first.</P><P></P><P>Gilles.</P></BODY></HTML> Wed, 23 Jun 2004 08:58:24 GMT https://community.cisco.com/t5/application-networking/css11503-config-problems/m-p/273752#M4095 Gilles Dufour 2004-06-23T08:58:24Z