
CSS as default gateway

I was operating CSS as One arm mode with multiple C classes which was working fine but the problem was Stats which only showed CSS as the client IP address.

So the config was like this

circuit Vlan 1

ip address x.x.x.2

ip address y.y.y.2

ip address z.z.z.2

ip route x.x.x.1

ip route y.y.y.1

ip route z.z.z.1

Since then to get the stats I changed the mode and configured CSS as the gateway on the backend servers.

So the configuration is

BackendServer -> CSS -> Firewall -> Internet

return path

Internet  -> Firewall -> Backend Server

With this configuration, I can't get all the C classes working.

If I use only 1 C class with One default route then it works and backend servers can browse the Internet and Load Balancing works as well and we get the stats in IIS logs with Client IP address.

I am using IP ECMP address in the config.

Is there a way to get multiple C classes working in this scenario?

Thanks in Advance.

Cisco Employee

Re: CSS as default gateway

Problem is that asymmetric routing is not supported with load balancers.

Because they are stateful devices just like firewalls.

So connections initiated from clients to CSS will be ok because they have to hit the VIP which is owned by the CSS.

But connections opened by servers will fail.

So, the operation is not as easy as changing the default gateway.

You should put the CSS between the servers and the can use the bridging feature and you don't even need to change the default gateway.

Simply put all servers in one vlan, and the firewall in another vlan. Connect a port of each vlan into the CSS and put them under the same circuit vlan of the CSS so that it does bridge the 2 vlans.
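
The reply's point about stateful devices and asymmetric routing, as an added example that is not part of the original thread and is not CSS code: a toy flow table that, as an assumption, forwards only packets that fit the TCP handshake it has observed. The `StatefulDevice` and `server_initiated` names and the addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulDevice:
    """Toy flow table (assumption: strict handshake tracking, not the CSS's real logic)."""
    flows: dict = field(default_factory=dict)

    def forward(self, src, dst, flags):
        key = frozenset((src, dst))              # one entry covers both directions
        if flags == "SYN" and key not in self.flows:
            self.flows[key] = ("SYN_SEEN", src)  # remember who opened the flow
            return True
        if key not in self.flows:
            return False                         # mid-flow packet with no state
        phase, initiator = self.flows[key]
        if flags == "SYN-ACK" and phase == "SYN_SEEN" and src != initiator:
            self.flows[key] = ("SYNACK_SEEN", initiator)
            return True
        if flags == "ACK" and phase == "SYNACK_SEEN" and src == initiator:
            self.flows[key] = ("ESTABLISHED", initiator)
            return True
        return phase == "ESTABLISHED" and flags in ("ACK", "DATA")

def server_initiated(return_via_device):
    """Backend server opens a connection outbound through the device.

    return_via_device=False models the thread's return path, where the
    firewall hands replies straight to the server and the device never sees them.
    Returns ([(flags, delivered)], final tracked state).
    """
    dev = StatefulDevice()
    server, remote = "10.0.1.10:40000", "198.51.100.7:80"  # constructed addresses
    packets = [(server, remote, "SYN"), (remote, server, "SYN-ACK"),
               (server, remote, "ACK"), (server, remote, "DATA")]
    results = []
    for src, dst, flags in packets:
        if src == server or return_via_device:
            ok = dev.forward(src, dst, flags)    # packet crosses the device
        else:
            ok = True                            # reply bypasses the device
        results.append((flags, ok))
    return results, dev.flows[frozenset((server, remote))][0]

if __name__ == "__main__":
    for symmetric in (True, False):
        print("symmetric" if symmetric else "asymmetric", server_initiated(symmetric))
```

With the return path bypassing the device, the flow stays half-open in its table and the server's final ACK and data are dropped, which is the failure of server-initiated connections the reply describes.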