Help: source natting won't work on my CSM

robert.huang · ‎10-14-2010

Hi All,

My Cisco catalyst 6513 is connecting to another cisco 7513 router. Both of them have "network 0.0.0.0 0.0.0.0 area 0" in the OSPF statement so that all interfaces are inter-pingable. Real Servers "10.124.56.1" and "42.100.0.73" are loopback1 and loopback2 on the 7513 router. 42.108.128.1 is the Vlan 33 on the MSFC of the 6513 Switch.

6513_Ext1#sh run mod 5
Building configuration...

Current configuration : 520 bytes
module ContentSwitchingModule 5
vlan 33 client
ip address 42.108.128.2 255.255.255.0
gateway 42.108.128.1
!
natpool POOL-TN3270 42.108.128.150 42.108.128.190 netmask 255.255.255.0
!
probe PROBE-PING icmp
!
serverfarm SF-TN3270
nat server
nat client POOL-TN3270
predictor leastconns
real 10.124.56.1
inservice
real 42.100.0.73
inservice
probe PROBE-PING
!
vserver VTN3270
virtual 42.108.128.101 tcp 0
serverfarm SF-TN3270
persistent rebalance
inservice
!
end

From my workstation 42.108.92.105, I start a telnet session to the VIP 42.108.128.101. But the session waits there and then times out. I can't see the login screen. From the below command, I can see the session is established. So I would think just the return traffic won't get back to my workstation. Please help me resolve this problem. Thank you very much.

6513_Ext1#sh mod csm 5 conn detail

    prot vlan source                destination           state
----------------------------------------------------------------------
In TCP 33   42.108.92.105:2626    42.108.128.101:23     ESTAB
Out TCP 33   42.100.0.73:23        42.108.128.150:8195   ESTAB
    vs = VTN3270, ftp = No, csrp = False

6513_Ext1#

Gilles Dufour · ‎10-15-2010

I would suggest to take sniffer traces on the server and on the CSM portchannel.

Make sure the server does receive the SYN and check if the SYN/ACK comes back to the CSM.

Gilles.