Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
0
Helpful
2
Replies

Outbound Server Farm connections enabled by default?

bradleyordner
Level 3
Level 3

‎02-23-2011 09:09 PM

Hi,

I have a question about CSM, possibly might be security related not sure.

I have a CSM in routed mode with a Client VLAN and a Server VLAN.

Now the Server Guys would like the Server's in the farm to be able to initaite connections outbound to anywhere on the network, while still be load blanced via a VIP.

According to the confiig guide, outbound connections are enabled by default, although this is not happening. What we see is -

If I am on a Server in the farm and I ping to my Laptop which is on another LAN, then the ping fails.

Although if I ping from my laptop to the Server Real Address (We have a VServer for Direct Access) then the Server can Ping me.

Is this the default function, that only once a connection is established inbound, will a return packet make its way out?

Any info or suggestion would be appreciated.

Thanks

Labels:
0 Helpful
2 Replies 2

bradleyordner
Level 3
Level 3

‎02-24-2011 03:50 PM

I just found this on Cisco.com -

The NAT for the server allows you to support connections initiated by  real servers and to provide a default configuration used for servers  initiating connections that do not have matching entries in the server  NAT configuration. By default, the CSM allows server-originated  connections without NAT.

To configure NAT for the server, perform this task:

Command
Purpose

Step 1 

Router(config)# static [drop | nat 
[ip-address | virtual]]

Configures the server-originated connections. Options include dropping  the connections, configuring them with NAT with a given IP address, or  with the virtual IP address that they are associated with1 , 2 .

Step 2 

Router(config-slb-static)# real ip-address 
[subnet-mask]

Configures the static NAT submode where the servers will have this NAT  option. You cannot use the same real server with multiple NAT  configuration options.

1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2 The no form of this command restores the defaults.

0 Helpful

bradleyordner
Level 3
Level 3
In response to bradleyordner

‎02-28-2011 12:31 AM

Hi Guys,

This is just incase anyone needs it, but I missed an important piece of information above....I have two Client VLAN's! Which I could not see the point of, although our first Client VLAN is behind a firewall.

I did a search on here and located this post which got my outbound connections working!

https://supportforums.cisco.com/message/453206#453206

Hooray!

Thanks

Brad

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card