Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
10
Helpful
3
Replies

CSS + PIX + Madness + Help!?

johnny_br
Level 1
Level 1

‎12-14-2004 03:31 AM

Hi,

Here is my situation: I have a PIX 525 (w/ FO) running at a collocation. I have a VPN link between the Colo and the office used to manage the server behind. Very simple setup:

TheNet <--> Router 7204VXR <--> PIX525 <--> LAN

| <-- T1 to Office (VPN between PIXs)

(Office) -> Router 1605E <--> PIX506 <--> LAN

At the colo, I have a Cat4503 (SupII + 48/Gb) + 2950XL.

Web-servers, db, NAS are connected to the 4503. While, router, PIX are on the 2950.

So, now I'm about to introduce a CSS11503 into the mix, thus my dilemma:

- How do I get it in-and-behind the PIX without redoing everything?

The CSS is equipped with:

- CSS5-SCM-2GE

- CSS5-IOM-16FE

At the moment there are only a dozen web-servers that will be load-balanced. The rest shall remain mapped thru the PIX. The NAS, db will need to stay connected with both groups (lb'd and not lb'd) thru the 4503 (need Gb link for all). So, basically I want to leave the current subnet alone, while some server will be mapped thru the PIX and others thru the CSS (then PIX?).

I've looked at the one-arm config (see link below), but I am afraid that I can't do without "the real client source IP address".

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

I also thought about:

Net <-(NAT)-> (PIX) <-(NAT)-> (CSS) <-> (LAN)

But, how am I going to get away with not redoing most of my current setup? Multi-homed servers? Anyway, it's 3:30am, and I'm about to lose it.

If any of the above has made any sense to you, please point me in the right direction!

Best Regards,

Johnny

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎12-16-2004 04:10 AM

introduce the CSS between the pix and the switch.

Configure the 2 physical interface of the CSS to be in the same circuit/vlan.

Like this, all you have is still working.

CSS is just another L2 switch.

Now, you can virtual ip addresses for the servers that need to be loadbalanced.

Regards,

Gilles.

jfoerster
Level 4
Level 4
In response to Gilles Dufour

‎12-16-2004 04:38 AM

HI gilles,

reading your explantion gives me the feeling that the CSS supports something similar like the bridged-mode the CSM supports. Is this correct are am I missing something?

If it supports bridged mode does it have the same functionality the CSM offers in terms of the bridged mode?

TIA

Kind Regards,

Joerg

0 Helpful

johnny_br
Level 1
Level 1
In response to Gilles Dufour

‎12-17-2004 08:27 PM

Hi Gillies: Thanks very much for the info. For some reason, I was under the impression that bridge-path SLB wasn't possible with the CSS. Anyway, I configed the CSS as your mentioned, and everything is working wonderfully.

Thanks again.

Johnny

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card