cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
391
Views
0
Helpful
1
Replies

CSS11501 primarySorryServer on the remote side

m-bachmann
Level 1
Level 1

I have a server farm listening to services for http and smtp (but on non standard ports).

Customer wants to have a sorry server on the remote side (all local server fell down or are suspended - e.g. for a maintainance window).

Since I have more than one service different from http a simple redirect service is not sufficient. Sorry Server on the inside works perfectly - already tested.

I cannot sniff the traffic right now at customer side and only get a "trying..."

I think of having a problem in socket communication......

A client on the outside accesses CSS VIP

- the flow entry perfectly shows the src ip of the client , the dst ip and the dst nat defined with the backup service.

- as well I can see a flow for the returning paket where I'm quite unsure if this tells me the truth or if it is an entry in advance and I don't have a paket already travelled back to CSS (still to check ...)

For the communication to work I would expect also the src ip to be translated into the CSS VIP to guarantee the returning paket passing through CSS doing all the reverse NAT keeping the socket pairs in line.

Unfortunately there is no column SRC NAT where I can check.

Is there a way to define a remote sorryserver at all ?

In parallel I will check with tcpdump at customer site.

Thx

---Maik

1 Reply 1

m-bachmann
Level 1
Level 1

FYI

Combination of primarySorryService and source group with add destiantion service did the trick.

service backup

some ip on the remote side

content rule xx

primarySorryServer backup

group bypass

add destination service backup

vip some-vip

Rgds

---Maik

Review Cisco Networking for a $25 gift card