01-29-2003 06:07 PM
I'm having problems with a CSS11000 when we're using it with services that are not located on the same subnet as the L4 switch
The CSS11000 is acting as a default gateway for a subnet that has a number of firewalls connected to it, and there are web servers that we are wanting to define as services behind those firewalls.
When we define the services on the CSS11000, we find that the service status cycles through alive/dying/down and throughput is poor.
We know that L3 routing is okay, and we have ruled out the firewalls as an issue by replacing them with a standard router during testing.
If we place a web server on the same subnet as the L4 and configure it as a service, everything is fine.
Anyone got any ideas as to why the CSS doesn't like services that are off-subnet?
01-30-2003 08:36 AM
it should not be a problem.
I have the same thing in my lab and it works.
How did you define your keepalive ?
Just ICMP or TCP or HTTP ?
Try to sniff the keepalive to see if the CSS is getting the replies from the server.
Also, did you open your firewall for the keepalives ?
Gilles.
01-30-2003 01:21 PM
Gilles,
Thanks for the reply, we have tried both HTTP and ICMP keepalives, and made the necessary rule changes on the firewalls (and on the router when we swapped it for the firewall)
I'm still stumped for ideas
GM
01-31-2003 03:24 AM
can you ping the server from the CSS ?
Could you give us your config ?
What about the sniffer trace ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide