Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
402
Views
0
Helpful
1
Replies

CSS11503 config problems

Jon Marshall
Hall of Fame
Hall of Fame

‎06-22-2004 10:44 AM

Hello all

I am new to the 11503 switches and would appreciate some help with the config. We are replacing our LD417G's with these switches and because of our current DMZ setup & ip addressing i cannot setup the 11503's in router mode. What i have done is:

1) Create 2 vlan's (10 & 11) using the same ip subnet

2) On the 11503 i have only one circuit for vlan 1.

3) I have connected the reverse proxies to vlan 11 and one of the 11503 interfaces.

4) on vlan 10 is the default gateway ( a pix dmz interface ), none loadbalanced servers and another interface from the 11503.

5) All servers ( loadbalanced and non-loadbalanced have their default gateway set as the pix dmz interface ).

Consequently all client traffic to the reverse proxies go through the 11503. Only real problem is when the reverse proxies talk to their server counterparts (as oppose to the clients ) they have to through the 11503. We tested it by checking the proxy logs and it does seem to be load balancing the client requests ( altho "sh flows" doesn't seem to show much ).

My questions:-

1) Is there a better way of trying to achieve this. I am unfortunatley limited to one ip subnet for the loadbalancer, the reverse proxies and the non-loadbalanced servers.

2) Would this setup be affecting the operation of the SSL module. I packet sniffed the https connection and saw a full tcp handshake, packets being sent from the client but no responses from the 11503.

Any help / advice would be very much appreciated

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎06-23-2004 01:58 AM

Jon, a quick suggestion : post your config and network diagram so we can better understand what you are doing.

Then, explain us exactly the problem.

This is not clear to me.

You first ask if there is a better way to achive this - with the limitation that You have I don't think so.

Unless you are ready to change the ip addressing scheme, which I would suggest you to do.

Then you mention some problems with HTTPS traffic, but nowhere else in your explanation did you talk about https.

So, send us config and diagram and an explanation of the problem - one at a time - so start with the most important first.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card