Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
394
Views
0
Helpful
2
Replies

CSS Implementation

bdavis01
Level 1
Level 1

‎10-15-2004 01:09 PM

Currently CSS 11500 is setup on inside network behind firewall and is set with a default route of our core switch. If possible though would like to load balance servers on both the inside and DMZ networks. Is this going to be possible and if so how do I do it?

Thanks

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎10-16-2004 12:25 AM

with 1 css it is not possible without loosing on security.

The reason is that the CSS needs to see the response from the servers.

So you would have to make sure that traffic from the servers in the DMZ goes back to CSS located on the inside and then out through the firewall.

This is like connecting a router between dmz and inside which is not good.

Solution A - a 2nd CSS for the dmz.

Solution B - move the CSS on the outside [assuming you do not need to loadbalance connection from internal users]

Solution C - you leave the CSS on the inside but you configure client nat to guarantee that dmz servers will send traffic back to CSS through the firewall

[disadvantage - your servers won't know the real client ip address]

Regards,

Gilles.

0 Helpful

bdavis01
Level 1
Level 1
In response to Gilles Dufour

‎10-16-2004 11:10 AM

That really helps, thank you....

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card