Hit the VIP from the server side behind the CSM in L2?

jcmattos1
Level 1

We have a CSM w/ 4.1.6 and would like our RIPS to be able to access a VIP on the same CSM. They are on the same subnet but different VLANs in an L2 design. Any ideas to make this work?

1 Reply

b.hsu
Level 5

According to DE, the SSL blade will apply its local subnet mask to the incoming packet's source IP. In your case, you had a /24 subnet mask configured on the SSL's vlan, so addresses that end with .0 or .255 would be discarded since the blade treated them as network or broadcast addresses.

The workaround is to configure the lowest subnet mask on the SSL proxy vlan where traffic is received (like a /8).

Configure the ssl-proxy vlan with the lowest mask to receive traffic, or configure the ssl-proxy vlan where traffic is received to the lowest mask (i.e., a /8 mask), or load the next maintenance release image 2.1(2).
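
The mask check described in the reply above, modelled as an added example (not Cisco code and not part of the original post). The function names and the sample client addresses are constructed for illustration; the model assumes only what the reply states, that a source IP whose host bits under the VLAN mask are all zeros or all ones is discarded.

```python
import ipaddress


def treated_as_net_or_bcast(src_ip: str, prefix_len: int) -> bool:
    """Return True if src_ip looks like a network or broadcast address
    when the given prefix length is applied to it (hypothetical model of
    the behaviour described in the reply)."""
    if not 1 <= prefix_len <= 30:
        # With /31 or /32 every address has all-zero or all-one host bits,
        # so the classification is meaningless.
        raise ValueError("prefix_len must be between 1 and 30")
    addr = int(ipaddress.IPv4Address(src_ip))
    host_mask = (1 << (32 - prefix_len)) - 1   # bits left for the host part
    host_bits = addr & host_mask
    return host_bits == 0 or host_bits == host_mask


def discarded_sources(sources, prefix_len):
    """Filter a list of client source IPs down to those that would be dropped."""
    return [ip for ip in sources if treated_as_net_or_bcast(ip, prefix_len)]


# Constructed sample of client source addresses (documentation ranges plus 10/8).
SAMPLE_SOURCES = [
    "198.51.100.0",
    "198.51.100.17",
    "198.51.100.255",
    "203.0.113.255",
    "192.0.2.1",
    "10.0.0.0",
    "10.255.255.255",
]

if __name__ == "__main__":
    for prefix in (24, 8):
        dropped = discarded_sources(SAMPLE_SOURCES, prefix)
        print(f"/{prefix}: {len(dropped)} of {len(SAMPLE_SOURCES)} dropped -> {dropped}")
```

With the /8 mask only sources whose last three octets are all 0 or all 255 still match, so the workaround narrows the set of affected clients rather than removing the check.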