CSM 411 probe issues

fsebera
Level 4

CSM Config below. Configured FTP for redundancy. Is there a way to tie PRIMARYOUTBOUND SF/VS probes to FTPOUT SF/VS so I don't have to send additional pings to remote side? Current setup requires each new SF/VS pair to send pings to remote side - Doesn't seem scalable.

 R-----R
 |     |
CSM---CSM
 |     |
 FW    FW   (Both firewalls are used simultaneously)
 |     |
CSM---CSM
 |     |
 R-----R

module CSM 4
 ft group 2 vlan 167
  priority 110
  preempt
!
 vlan 160 client
  ip address 192.168.200.165 255.255.255.240
  route x.x.x.x x.x.x.0 gateway 192.168.200.161
  route x.x.x.x x.x.x.0 gateway 192.168.200.161
  route x.x.x.x x.x.x.0 gateway 192.168.200.161
  alias 192.168.200.166 255.255.255.240
!
 vlan 161 server
  ip address 192.168.200.10 255.255.255.240
  alias 192.168.200.12 255.255.255.240
!
 probe OUT-SRV-ALIAS icmp
  address 192.168.252.65
  interval 5
  failed 10
!
 probe FWOS-[R]-CLIENT icmp
  address 192.168.252.51
  interval 5
  failed 10
!
 real B12-GEFW1-DMZ
  address 192.168.200.8
  inservice
 real FW-GEFW1-DMZ
  address 192.168.200.9
  inservice
!
 serverfarm BACKUP-FTPOUT
  no nat server
  no nat client
  predictor hash address source
  failaction purge
  real name B12-GEFW1-DMZ
   inservice
  probe OUT-SRV-ALIAS
!
 serverfarm BACKUP-OUTBOUND
  no nat server
  no nat client
  predictor hash address source
  failaction purge
  real name B12-GEFW1-DMZ
   inservice
  probe OUT-SRV-ALIAS
!
 serverfarm FTPOUT
  no nat server
  no nat client
  predictor hash address source
  failaction purge
  real name B12-GEFW1-DMZ
   health probe FWOS-[R]-CLIENT
   inservice
  real name FW-GEFW1-DMZ
   inservice
  probe OUT-SRV-ALIAS
!
 serverfarm OUTSIDE-TO-NIH
  no nat server
  no nat client
  predictor forward
  failaction purge
!
 serverfarm PRIMARYOUTBOUND
  no nat server
  no nat client
  predictor hash address source
  failaction purge
  real name B12-GEFW1-DMZ
   health probe FWOS-[R]-CLIENT
   inservice
  real name FW-GEFW1-DMZ
   inservice
  probe OUT-SRV-ALIAS
!
 serverfarm RETURN-FTP
  no nat server
  no nat client
  predictor forward
  failaction purge
!
 sticky 20 netmask 255.255.255.255 timeout 300
!
 policy HOW-TO-FORWARD
  serverfarm PRIMARYOUTBOUND backup BACKUP-OUTBOUND sticky
!
 policy FTP
  serverfarm FTPOUT backup BACKUP-FTPOUT sticky
!
 vserver FTPOUT
  virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp
  vlan 160
  sticky 300 group 20
  reverse-sticky 20
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  slb-policy FTP
  inservice
!
 vserver NIH-161-VS-A
  virtual xxx.xxx.0.0 255.255.0.0 any
  vlan 161
  serverfarm OUTSIDE-TO-NIH
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
!
 vserver NIH-TO-OUTSIDE
  virtual 0.0.0.0 0.0.0.0 any
  vlan 160
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  slb-policy HOW-TO-FORWARD
  inservice
!
 vserver RETURN-FTP
  virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp
  vlan 161
  serverfarm RETURN-FTP
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice

vserver         type  prot  virtual         vlan  state   conns
NIH-161-VS-A    SLB   any   x.x.x.x/16:0    161   OPERAT  27377
NIH-161-VS-B    SLB   any   x.x.x.x/16:0    161   OPERAT  2051
NIH-161-VS-C    SLB   any   x.x.x.x/16:0    161   OPERAT  1986
NIH-161-VS-D    SLB   any   x.x.x.x/18:0    161   OPERAT  108
NIH-TO-OUTSIDE  SLB   any   0.0.0.0/0:0     160   OPERAT  57919
FTPOUT          SLB   TCP   0.0.0.0/0:21    160   OPERAT  79
RETURN-FTP      SLB   TCP   0.0.0.0/0:21    161   OPERAT  0

show mod csm 4 policy
policy: HOW-TO-FORWARD
serverfarm: PRIMARYOUTBOUND
backup serverfarm: BACKUP-OUTBOUND (sticky)
policy: FTP
serverfarm: FTPOUT
backup serverfarm: BACKUP-FTPOUT (sticky)

1 Reply 1

umedryk
Level 5

As far as I know, this cannot be done.
