
Load Balanced server can not browse to Virtual IP

hinesd
Level 1

2 physical servers are configured as services on 11501. The CSS is configured as a "one arm bandit".

The entire organization can browse to the virtual IP, but the actual server can not. In fact, no server on the same L# network can browse to the VIP.

If the physical IP of the service is entered, the browser connects.

Any help is appreciated.

1 Reply

Gilles Dufour
Cisco Employee

This is the typical problem.

When going from server to VIP, the problem is that the receiving server will see the request coming from a device on a locally attached network, and it will send the response to the server/client directly without going through the CSS.

Therefore, the client receives a response from an unknown device, since the CSS could not NAT the response back to the VIP address.

The only solution is to NAT the server_client IP when it connects to the VIP, so it forces the server to respond back to the CSS.

If you don't want to have to NAT all your traffic, you need to use an ACL to do this.

i.e.:

group natserver
  vip x.x.x.x
  active

acl 1
  clause 10 permit any x.x.x.x destination content
  clause 99 permit any any dest any
  apply [vlan...]

Replace x.x.x.x with a server IP.

Create a similar clause for each server.

The VIP in the group can be the same as the content rule VIP or any other IP address that will belong to the CSS.

Gilles.

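The return-path problem described in the answer above, as an added Python trace that is not part of the original thread: it follows one SYN/SYN-ACK through a one-armed CSS with and without the source group matched by the ACL. All addresses are constructed sample values, and the off-subnet branch assumes the server's return route passes through the CSS.

```python
import ipaddress

# Constructed sample addressing (RFC 5737 documentation ranges).
SUBNET = ipaddress.ip_network("192.0.2.0/24")  # segment shared by CSS and servers
VIP = "192.0.2.100"        # content rule VIP
GROUP_VIP = "192.0.2.101"  # VIP of the source group (may equal VIP per the answer)


def trace(client, real_server, acl_matches_client):
    """Follow one SYN/SYN-ACK; return (accepted, hops).

    accepted is True when the SYN-ACK reaches the client with the VIP as source.
    """
    hops = [("client->css", client, VIP)]
    # CSS picks a real server and rewrites the destination. If the ACL clause
    # matches the client, the source group also rewrites the source address.
    seen_src = GROUP_VIP if acl_matches_client else client
    hops.append(("css->server", seen_src, real_server))
    if seen_src == GROUP_VIP:
        # Server answers a CSS-owned address, so the CSS sees the reply
        # and can reverse both translations.
        hops.append(("server->css", real_server, GROUP_VIP))
        hops.append(("css->client", VIP, client))
    elif ipaddress.ip_address(client) in SUBNET:
        # Client is on-link: the server delivers the reply directly,
        # bypassing the CSS, so the source stays the real server address.
        hops.append(("server->client", real_server, client))
    else:
        # Off-subnet client. Assumption: the server's return route passes
        # through the CSS, which restores the VIP as source.
        hops.append(("server->css", real_server, client))
        hops.append(("css->client", VIP, client))
    _, reply_src, reply_dst = hops[-1]
    accepted = reply_src == VIP and reply_dst == client
    return accepted, hops


if __name__ == "__main__":
    for label, args in [
        ("same-subnet server, no source NAT", ("192.0.2.11", "192.0.2.12", False)),
        ("same-subnet server, ACL + source group", ("192.0.2.11", "192.0.2.12", True)),
        ("off-subnet client, no source NAT", ("198.51.100.7", "192.0.2.12", False)),
    ]:
        ok, hops = trace(*args)
        print(f"{label}: {'connects' if ok else 'fails'}")
        for name, src, dst in hops:
            print(f"  {name:15} {src} -> {dst}")
```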