cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
686
Views
0
Helpful
5
Replies

Ping from CSS

nalcomis75
Level 1
Level 1

My CSS is currently in a one-armed transparent proxy configuration with multiple default gateways (as specified in Cisco's configuration example). When the CSS pings odd number IP addresses it sources the ping with its VLAN1 IP address.. If it pings even number IP addresses it sources the ping with its VLAN2 IP address. How can I control this? VLAN2 is an unpublished subnet between the SCA and CSS. All pings fail originating from VLAN2 because the remote client does not have a route to it. I would like the CSS to never originate pings from VLAN2 (unless it is pinging the SCA on VLAN2)

Thanks.

5 Replies 5

pknoops
Level 3
Level 3

Can we see some of the config specifically the route and circuit section. This behavior is not correct. Can you also let us know the version of webns ?

thanks

Pete..

Pete,

I attached a document containing the version number of WebNS, traceroutes to both and odd and even IPs, and my CSS config. Thanks in advance.

-Erik

Hi Erik,

having a look at your config you are having two (2) default routes.

I think this causes the "trouble".

From my point of view this has nothing to do with even or odd IP-Addresses but with loadsharing over two links on equal routing pathes.

Why do you have the 2nd default route pointing to the SCA?

You are having a service configured pointing to the SCA and this should be enough from my point of view.

Do I miss something here?

Kind Regards,

Joerg Foerster

Erik,

What you are seeing is in fact normal behavior and only really applies to pings and traceroutes because of the 2 default routes. This is why you have the ACLs in place. How is the rest of the ssl traffic working ?

Regards

Pete..

Pete,

SSL appears to be operating normally. I don't have the system in a production environment, so I haven't seen all the bugs that exist yet. The sample one-armed transparent proxy config provided by Cisco shows a default route towards the SCA. What is the purpose of this? Is there another way to get icmp working correctly? Thanks again for your help.

-Erik

Review Cisco Networking for a $25 gift card