Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
0
Helpful
4
Replies

CSM server originated connections

dobner
Level 1
Level 1

‎07-01-2004 05:06 AM

Hi,

I have a CSM running in router mode with one client vlan, one server vlan and two server vlans for SCAs. Load Balancing is ok, connections directly to the servers and the SCAs through the CSM are ok.

Connections from the server vlan directed to the outside via next hop into the client vlan

(the opposite direction of the usual access) don't work.

Scenario: Server - CSM - MSFC

The client VLAN has the MSFC vlan interface configured as its gateway, the cisco docu says,

that server originated connections should work by default without any NAT, but they don't here.

I also tried "static nat <ip>" and "static nat virtual", no success. The outside vlan interface of the CSM is the last point I can ping, the MSFC doesn't respond, though it is the gateway

address.

Funny: I can ping the SCAs in their vlans and the SCAs can ping the gateway on the MSFC,

it's only from the servers into the client vlan that has trouble...

Does anyone have an idea what's wrong?

Thanks for every hint

Uli

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎07-02-2004 01:25 AM

It works for me.

Do a 'sho mod csm X conn' and look for the entry created for the ping from the server to the msfc.

Make sure the response from the msfc matches the entry - same vlan !!!

Check the route from msfc to server and make sure it goes to the same vlan as traffic from server to msfc.

Also, if you did some modification in the vlans or static routes, clear the csm connections since icmp creates long lived entry.

Regards,

Gilles.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to Gilles Dufour

‎07-02-2004 02:58 AM

one more remark - is the server in the server vlan configured as a real on the CSM ?

If the CSM does not have an ARP entry for this server it will reject the traffic from this server.

Regards,

Gilles.

0 Helpful

dobner
Level 1
Level 1
In response to Gilles Dufour

‎07-05-2004 03:31 AM

Gilles,

I think this could be the point! I can remember that I had this problem: Ping from client to server opens reverse direction. Can I use static ARP entries to solve this problem? Or is there a "less static" way"

Many thanks

Uli

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to dobner

‎07-05-2004 05:30 AM

you can create a serverfarm and list all the hosts for which you need to know the ip address.

You don't need to use this serverfarm.

It serves just for making sure we arp for theses devices.

Regards,

Gilles.

0 Helpful
Customers Also Viewed These Support Documents