Sorry, I missed entering the policy details.

I have configured "STICKY" on BOTH the policy and Virtual Server. The Cisco docs are VERY VAGUE.

This is what the Cisco documentations says:

"(OPTIONAL) Configures connections from the client to use the same real server. The default is sticky off"

Could you explain this in plain english, say for the dumb folks like me? 8)... PLEASE dont feel like you are giving me too much information - I have VERY thick skin.

Did I configure it correctly, is it configured just wrong or what? My experience is that you can configure MANY things wrong and traffic still flows.

My Topology:

.INTERNET

.|        |

 R-----R

 |         |

CSM---CSM

 |         |

 FW    FW

 |         |

CSM---CSM

 |         |

 R-----R

INTERNAL NET

My config:

!

policy FTP

client-group NIHnets

serverfarm FTPOUT backup BACKUP-FTPOUT sticky

!

serverfarm FTPOUT

no nat server

no nat client

predictor hash address source

failaction purge

real name B12-GEFW1-DMZ

health probe FWOS-[R]-CLIENT

inservice

real name FW-GEFW1-DMZ

inservice

probe OUT-SRV-ALIAS

!

vserver FTPOUT

virtual 0.0.0.0 0.0.0.0 tcp ftp service ftp

vlan 160

sticky 300 group 20

reverse-sticky 20

replicate csrp sticky

replicate csrp connection

persistent rebalance

slb-policy FTP

inservice

!

sticky 20 netmask 255.255.255.255 timeout 300

Thanks for helping!

Frank

PS URLs that explain this stuff in detail would be GREAT too!

try not to use the policy.

This is not required in your case.

Do not configure sticky and reverse-sticky under the same vserver.

I wrote a document describing how to use reverse-sticky for firewall loadbalancing.

You can find it at :

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a008020927a.shtml

Regards,

Gilles.