Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
0
Helpful
1
Replies

css can do this ?

ccie_weili714
Level 1
Level 1

‎11-13-2006 12:32 AM

the real servers directly connects to the 6509 and the server's default gateway is on the 6509.6509 connects to the css through trunking. on the css config the vip address which is on the same subnet of the servers. the user can through the VIP address access the real server's service ? if not ,how can do for this?

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-13-2006 02:45 AM

As a CCIE, I would expect you to know the requirement of TCP/IP.

Consider the CSS as a nating device.

So, right now you have a client talking to a nated address, but the server response is going directly to the client un-nated. Therefore breaking TCP connectivity.

You have to guarantee that the server respone goes back to the CSS.

There different ways to achieve this.

1/- easiest solution is to make the CSS the default gateway of the server

OR

2/- configure client nat on the CSS. This is done with a "group".

ie:

group Client

vip x.x.x.x (same as your content rule)

add destination service

.... (add as many as needed)

active

OR

3/- Use policy routing to catch server traffic with source port equal to your application port (ie 80) and redirect the traffic to the CSS.

(1) is the easiest, (2) has a drawback - the server do not see the real client ip - so no stats possible, (3) is complex but a good solution.

Finally, if you have issues with a CSS, have a sniffer tool ready. Again, as a CCIE you should be able to troubleshoot connectivity issue with a sniffer.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card