Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
3
Replies

ERROR in content NATing

aliver
Level 1
Level 1

‎06-16-2005 11:50 PM

Good day!

There is scheme

uplink uplink

| |

CSS1------CSS2

| |

|--Server--|

Server is directly connect by two interfaces to CSSes in hot reserv mode (active one interface only).

CSSes is configured in active-standby mode.To each other they connected through isc and trunk link.

This is part of config:

!************************* INTERFACE *************************

interface 2/7

bridge vlan 100

interface 2/15

isc-port-one

interface 2/16

trunk

vlan 100

!************************** CIRCUIT **************************

circuit VLAN100

ip address 192.168.33.253 255.255.255.224

ip virtual-router 3 priority 110 preempt

ip redundant-interface 3 192.168.33.254

!************************** SERVICE **************************

service Test

ip address 192.168.33.247

redundant-index 45

port 80

protocol tcp

keepalive type http

active

!*************************** OWNER ***************************

content Test

add service Test

vip address 192.168.32.7

protocol tcp

port 80

redundant-index 105

active

When server communicate via interface connected to active CSS - all is OK!

But when something happen and server switch to second interface (traffic must go across standby CSS via trunk to active CSS)...to client come not NATed packets (with real server source ip, but not VIP), and application not see response.

I was try to create group for destination service with the same vip 192.168.32.7 and its work. But server need real ip of clients for correct working and groups is not decision.

All master and slave virtual-router and redundant-interfaces on CSSes are all right.

In ACL on vlan 100 on CSS1 i'm not see any hitcounts from ip server to ip client.On CSS2 there are hitcounts on content hits value.

How else i can to see is response packets come from server to CSS1?

Why does it happen? and how correct problem?

Thanks!

Labels:
0 Helpful
3 Replies 3

jfoerster
Level 4
Level 4

‎06-17-2005 02:20 AM

Hi,

from my point of view you need to cinfugure unconditioned bridging on the CSSes (see http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801ee746.html#1072797)

explanation:

Without undcondition bridging the CSS2 will forward the traffic directly without letting CSS1(active CSS) giving the chance to do the necessary changes definied in the content rule.

Kind regards

Joerg

0 Helpful

aliver
Level 1
Level 1
In response to jfoerster

‎06-17-2005 04:25 AM

Thank You very much, Joerg!!

Its just that what I need!

0 Helpful

jfoerster
Level 4
Level 4
In response to aliver

‎06-20-2005 07:00 AM

HI,

if the posting solved your issue please mark this posting to have a solution so that other guys can see that this problem is resolved.

TIA.

Joerg

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card