cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
131
Views
0
Helpful
1
Replies
Beginner

Hit the VIP from the server side behind the CSM in L2?

We have a CSM w/ 4.1.6 and would like our RIPS to be able to access a VIP on the same CSM they are on the same subnet but different vlans in L2 design. Any ideas to make this work?

1 REPLY 1
Contributor

Re: Hit the VIP from the server side behind the CSM in L2?

According to DE, the SSL blade will apply its local subnet mask to the incoming packet's source IP. In your case, you had a /24 subnet mask configured on the SSL's vlan, so addresses that end with .0 or .255 would be discarded since the blade treated them as network or broadcast addresses.

The workaround is to configure the lowest subnet mask on the SSL proxy vlan where traffic is received (like a /8).

Configure ssl-proxy vlan with lowest mask to receive traffic or configure ssl-proxy vlan where traffic received to lowest mask (ie,. /8 mask) or load next maintenance release image 2.1(2)

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards