CSS and SCA One-Armed Transparent Mode Problem

nalcomis75
Level 1

I am having a routing problem (I believe) with my One-Arm Transparent Proxy configuration. When the SSL traffic (port 443) is sent to the CSS, the CSS forwards it off to the SCA on port 443. The SCA then forwards it back to the VIP on port 81 (verified with "show netstat" on the SCA). For some reason the CSS is not properly routing the inbound port 81 traffic to the back end servers. It is instead forwarding the traffic directly back to the client with a source port of 81 and a source IP of the VIP. I verified this with a packet sniffer on the client. When transparent mode is disabled on the SCA, the system functions properly (minus the transparent IP functionality). Has anybody seen this before? Thanks.


pknoops
Level 3

Do you have a port 80 content rule and a port 81 content rule? They would look identical except one was for SCA traffic only and the other would be for straight port 80 traffic from your clients.

What does the SCA config look like for the port 81 traffic being sent to the CSS?

Regards

Pete..

Pete,

Thanks for the reply. Attached are my configs.

Pete,

I have both an 80 and an 81 content rule. I really don't need the 80 rule. The clients will be forced to communicate with the servers via SSL.
