Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
10
Helpful
2
Replies

problem with redundancy in CSS 11051

p.kodzis
Level 1
Level 1

‎10-30-2002 01:01 AM

I have a problem with redundancy in CSS 11051. I use firewall load balancing and server load balancing. Load balancers which only load balance over 3 firewall switch from primary to master with no problems.

problem is with load balancers which load balance over firewalls and over servers two. whene the master is shutdown, backup keeps master function, all services on backup LB are alive, but it is not possible to display web page on address 10.10.7.16. Even if I try from the network 10.10.7.0/24, so before firewalls. below my config. any help appreciate.

===primary LB=====

!Generated on 10/30/2002 10:42:53

!Active version: ap0500002

configure

!*************************** GLOBAL ***************************

ip redundancy master

no console authentication

restrict ftp

app

app session 10.10.60.13

ip firewall 1 10.10.7.1 10.10.8.1 10.10.8.10

ip firewall 2 10.10.7.2 10.10.8.2 10.10.8.10

ip firewall 3 10.10.7.3 10.10.8.3 10.10.8.10

ip route 0.0.0.0 0.0.0.0 firewall 1 1

ip route 0.0.0.0 0.0.0.0 firewall 2 1

ip route 0.0.0.0 0.0.0.0 firewall 3 1

ip route 10.10.1.0 255.255.255.0 10.10.3.1 1

ip route 10.10.2.0 255.255.255.0 10.10.3.1 1

ip route 10.10.12.0 255.255.255.0 10.10.3.1 1

ip route 10.10.14.0 255.255.255.0 10.10.3.1 1

ip route 10.10.22.0 255.255.255.0 10.10.3.1 1

!************************* INTERFACE *************************

interface e1

phy 100Mbits-FD

bridge vlan 62

interface e2

phy 100Mbits-FD

bridge vlan 7

interface e3

bridge vlan 3

interface e4

phy 100Mbits-FD

bridge vlan 7

interface e5

phy 100Mbits-FD

interface e6

phy 100Mbits-FD

bridge vlan 6

interface e7

phy 100Mbits-FD

interface e8

phy 100Mbits-FD

bridge vlan 6

!************************** CIRCUIT **************************

circuit VLAN62

ip address 10.10.60.14 255.255.255.252

redundancy-protocol

circuit VLAN7

redundancy

ip address 10.10.7.10 255.255.255.0

circuit VLAN3

redundancy

ip address 10.10.3.10 255.255.255.0

no redirects

circuit VLAN6

redundancy

ip address 10.10.6.10 255.255.255.0

!************************** SERVICE **************************

service cc1

ip address 10.10.3.129

keepalive type tcp

keepalive port 443

service cc2

ip address 10.10.3.130

keepalive type tcp

keepalive port 443

active

service ssl1

ip address 10.10.6.131

keepalive port 443

keepalive type tcp

active

service ssl3

ip address 10.10.6.133

keepalive port 443

keepalive type tcp

active

service ssl4

ip address 10.10.6.141

keepalive type tcp

keepalive port 443

active

service ssl6

ip address 10.10.6.143

keepalive port 443

keepalive type tcp

active

service www1

ip address 10.10.6.101

keepalive type tcp

keepalive port 443

weight 2

active

service www3

ip address 10.10.6.103

keepalive type tcp

keepalive port 443

active

service www4

ip address 10.10.6.121

keepalive port 443

keepalive type tcp

active

service www6

ip address 10.10.6.123

keepalive type tcp

keepalive port 443

active

!*************************** OWNER ***************************

owner L5_Owner

content L5_Rule

vip address 10.10.7.6

application ssl

protocol tcp

port 443

url "/*"

add service www1

add service www3

add service www4

advanced-balance sticky-srcip

add service www6

balance weightedrr

active

content L5_Rule_CC

vip address 10.10.3.120

advanced-balance sticky-srcip

add service cc1

add service cc2

active

content L5_Rule_SSL

vip address 10.10.7.16

application ssl

protocol tcp

port 443

url "/*"

add service ssl1

add service ssl3

add service ssl4

advanced-balance sticky-srcip

add service ssl6

active

!*************************** GROUP ***************************

group CC

vip address 10.10.3.120

add destination service cc1

add destination service cc2

active

======

===backup LB=====

!Generated on 10/29/2002 20:47:30

!Active version: ap0503015

configure

!*************************** GLOBAL ***************************

ip redundancy

console authentication primary none

restrict ftp

app

app session 10.10.60.14

ip firewall 1 10.10.7.1 10.10.8.1 10.10.8.10

ip firewall 2 10.10.7.2 10.10.8.2 10.10.8.10

ip firewall 3 10.10.7.3 10.10.8.3 10.10.8.10

ip route 0.0.0.0 0.0.0.0 firewall 1 1

ip route 0.0.0.0 0.0.0.0 firewall 2 1

ip route 0.0.0.0 0.0.0.0 firewall 3 1

ip route 10.10.1.0 255.255.255.0 10.10.3.1 1

ip route 10.10.2.0 255.255.255.0 10.10.3.1 1

ip route 10.10.12.0 255.255.255.0 10.10.3.1 1

ip route 10.10.14.0 255.255.255.0 10.10.3.1 1

!************************* INTERFACE *************************

interface e1

phy 100Mbits-FD

bridge vlan 62

interface e2

phy 100Mbits-FD

bridge vlan 7

interface e3

phy 100Mbits-FD

bridge vlan 3

interface e4

phy 100Mbits-FD

bridge vlan 7

interface e5

phy 100Mbits-FD

interface e6

phy 100Mbits-FD

bridge vlan 6

interface e7

phy 100Mbits-FD

interface e8

phy 100Mbits-FD

bridge vlan 6

!************************** CIRCUIT **************************

circuit VLAN62

ip address 10.10.60.13 255.255.255.252

redundancy-protocol

circuit VLAN7

redundancy

ip address 10.10.7.10 255.255.255.0

circuit VLAN3

redundancy

ip address 10.10.3.10 255.255.255.0

no redirects

circuit VLAN6

redundancy

ip address 10.10.6.10 255.255.255.0

!************************** SERVICE **************************

service cc1

ip address 10.10.3.129

active

service cc2

ip address 10.10.3.130

active

service ssl1

ip address 10.10.6.131

keepalive port 443

keepalive type tcp

active

service ssl3

ip address 10.10.6.133

keepalive port 443

keepalive type tcp

active

service ssl4

ip address 10.10.6.141

keepalive type tcp

keepalive port 443

active

service ssl6

ip address 10.10.6.143

keepalive port 443

keepalive type tcp

active

service www1

ip address 10.10.6.101

keepalive type tcp

keepalive port 443

weight 2

active

service www3

ip address 10.10.6.103

keepalive type tcp

keepalive port 443

active

service www4

ip address 10.10.6.121

keepalive port 443

keepalive type tcp

active

service www6

ip address 10.10.6.123

keepalive type tcp

keepalive port 443

active

!*************************** OWNER ***************************

owner L5_Owner

content L5_Rule

vip address 10.10.7.6

protocol tcp

port 443

url "/*"

add service www1

add service www3

add service www4

advanced-balance sticky-srcip

add service www6

balance weightedrr

active

content L5_Rule_CC

vip address 10.10.3.120

advanced-balance sticky-srcip

add service cc1

add service cc2

active

content L5_Rule_SSL

vip address 10.10.7.16

protocol tcp

port 443

url "/*"

add service ssl1

add service ssl3

add service ssl4

advanced-balance sticky-srcip

add service ssl6

active

!*************************** GROUP ***************************

group CC

vip address 10.10.3.120

add destination service cc1

add destination service cc2

active

=======

Labels:
0 Helpful
2 Replies 2

wong34539
Level 6
Level 6

‎11-05-2002 08:20 AM

Please visit the folloiwing page where you can find many configuration examples on configuring CSS for Load Balancing.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/prod_configuration_examples_list.html

Hope it helps.

p.kodzis
Level 1
Level 1
In response to wong34539

‎11-05-2002 08:30 AM

I have fixed my problem. I missed "application ssl" in content rule on backup load balancer. now all works fine. best regards

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card