Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
509
Views
0
Helpful
1
Replies

ACE Module and FWSM problem

amazumde
Level 1
Level 1

‎08-27-2008 08:03 PM

I have a Catalyst 6500 with an ACE and Firewall Service Module (FWSM) installed. See Diagram.

The server sits in VLAN 10 which is configured in both ACE and FWSM. The server load balancing is configured in DSR mode (Direct Server Return) which means that the request from the client goes through the VIP configured in the ACE but the server's default gateway point to the FWSM. The purpose is to avoid high volume return traffic from the server through the ACE. The client sits in VLAN 14. I am able to ping the VIP address. By pinging VIP I mean load balancing ICMP (not "loadbalance vip icmp-reply"). However SSL or SSH to the VIP does not work. I suspect this may be an issue with the FWSM but not sure. Any suggestions?

Labels:
6743-ACE-DSR-FWSM.jpg
Preview file
49 KB
0 Helpful
1 Reply 1

Syed Iftekhar Ahmed
Level 8
Level 8

‎08-28-2008 10:00 AM

FWSM is dropping it as it has not seen the initial packets (Assymetric traffic). You will need to disable stateful inspection on FWSM to make it work.

Syed Iftekhar Ahmed

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Top