ACE Module and FWSM problem

amazumde
Level 1

I have a Catalyst 6500 with an ACE and Firewall Service Module (FWSM) installed. See Diagram.

The server sits in VLAN 10, which is configured in both the ACE and the FWSM. The server load balancing is configured in DSR mode (Direct Server Return), which means that the request from the client goes through the VIP configured in the ACE but the server's default gateway points to the FWSM. The purpose is to avoid high-volume return traffic from the server through the ACE. The client sits in VLAN 14. I am able to ping the VIP address. By pinging the VIP I mean load balancing ICMP (not "loadbalance vip icmp-reply"). However, SSL or SSH to the VIP does not work. I suspect this may be an issue with the FWSM but I am not sure. Any suggestions?

1 Reply

FWSM is dropping it as it has not seen the initial packets (asymmetric traffic). You will need to disable stateful inspection on FWSM to make it work.

Syed Iftekhar Ahmed
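The drop described in the reply above, modelled as an added example that is not part of the original thread and is not FWSM's actual logic. It assumes the client's SYN reaches the server through the ACE without crossing the firewall and that the server replies with the VIP as source; the addresses, ports and the `bypass_sources` parameter are constructed for illustration. It also shows that an exemption scoped to the VIP leaves every other source under stateful checks.

```python
# Added illustration: a simplified model, not FWSM's real connection logic.
# All addresses and ports are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VIP, CLIENT, OTHER = "10.0.10.100", "10.0.14.50", "10.0.10.77"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S", "SA", "A", "PA"

class StatefulFirewall:
    def __init__(self, bypass_sources=()):
        self.conns = set()  # flows whose opening SYN was seen
        self.bypass = [ip_network(n) for n in bypass_sources]

    def handle(self, p):
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})  # both directions
        if key in self.conns:
            return "permit"
        if p.flags == "S":  # only a bare SYN may create state
            self.conns.add(key)
            return "permit"
        if any(ip_address(p.src) in net for net in self.bypass):
            return "permit (state bypass)"
        return "drop (no connection entry)"

def dsr_return_path(fw, src=VIP):
    # Assumption: the client's SYN reaches the server through the ACE and
    # never crosses the firewall, so only the replies arrive here.
    replies = [Packet(src, 443, CLIENT, 51000, "SA"),
               Packet(src, 443, CLIENT, 51000, "PA")]
    return [fw.handle(p) for p in replies]

def symmetric_flow(fw):
    # Both directions cross the firewall, so the SYN creates the entry.
    pkts = [Packet(CLIENT, 51001, VIP, 22, "S"),
            Packet(VIP, 22, CLIENT, 51001, "SA"),
            Packet(CLIENT, 51001, VIP, 22, "A")]
    return [fw.handle(p) for p in pkts]

if __name__ == "__main__":
    print(dsr_return_path(StatefulFirewall()))
    print(dsr_return_path(StatefulFirewall(["10.0.10.100/32"])))
    print(dsr_return_path(StatefulFirewall(["10.0.10.100/32"]), src=OTHER))
    print(symmetric_flow(StatefulFirewall()))
```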
