sca+css 11000 outbound routing+access list problem

devrim.kalmaz
Level 1

http://www.cisco.com/en/US/products/hw/contnetw/ps2083/products_configuration_example09186a00801bbf4e.shtml

We have a configuration like the one in this link. But our vlan2 servers (ex. 10.2.2.3) have some files or gadgets which run/get from servers in vlan1/intranet/our_lan (ex. 10.50.50.x). In this case our gadgets and linked files didn't run well. So we added manual routing to these gadget-running servers to solve our problem (ex. route add 10.50.50.x to upstream-router). But now we have another small problem. The problem is that our intranet servers which are on the vlan1 side (10.50.50.x) cannot reach https services on vlan2 servers (ex. 10.2.2.3). The configuration works very well for other users. Thanks,

8 Replies

devrim.kalmaz
Level 1

Sample drawing attached.

Devrim,

We will need your config and information about the source IP and destination IP that are having problems communicating.

Is it all the time, or sometimes?

Is it all types of traffic, or just http, or just https, or ...?

Thanks,

Gilles.

It's all the time.

It's only http and https.

Has anyone got any idea? Thanks,

You need to remove your extra static routes.

You're breaking the ecmp concept.

To solve your gadget problem, you need to use acl prefer.

Something like:

clause 5 permit any any destination 10.50.50.10 255.255.255.0 prefer upstream-router

Apply this on your servers vlan.

Also your ACL 10 will need a clause 99 permit any any destination any.

Give it a try like this and let me know what works and what does not.

Regards,

Gilles.

Is this the right config?

Thanks,

acl 5

clause 10 permit any any destination any

apply circuit-(VLAN1)

apply circuit-(VLAN2)

acl 10

clause 5 permit any any destination 10.50.x.x 255.255.255.0 prefer upstream-router

clause 10 permit any any destination any prefer upstream-router

clause 99 permit any any destination any

apply circuit-(VLAN3)

Looks good.

I assume your servers are in vlan 3.

Does it work?

G.

Yes our https servers are in vlan3.

Gadget servers are in vlan1.

I can try it tomorrow. I'll write the results here.

Thank you.
