Server access to itself via CSS

debbaudtg
Level 1

Hello,

I have a simple configuration:

One-Armed CSS 11503.

VIP and servers in the same subnet (10.1.160.0/22)

One VIP address: 10.1.163.172

One content tcp on port 90 (access to a URL: http://10.1.163.172:90/check.html)

2 servers: 10.1.160.172 and 10.1.160.151 with gateway on CSS (Gateway = 10.1.163.1)

When a client PC accesses http://10.1.163.172:90/check.html, it works.

Developers of the application require access to this page also via the servers (10.1.160.172 and 10.1.160.151).

When making a request to http://10.1.163.172:90/check.html from server 10.1.160.172 or 10.1.160.151, it doesn't work.

Need some help.

Thanks in advance

Gaëtan

Below is an excerpt from the config:

interface 1/2
  trunk
  vlan 6
  vlan 7
    default-vlan
  vlan 25

circuit VLAN25
  ip address 10.1.163.5 255.255.252.0
    ip virtual-router 25 priority 200 preempt
    ip redundant-interface 25 10.1.163.1
    ip redundant-vip 25 10.1.163.172

service checklogin1
  redundant-index 140
  ip address 10.1.160.151
  protocol tcp
  port 90
  keepalive frequency 30
  keepalive port 90
  keepalive type tcp
  keepalive retryperiod 10
  active

service checklogin2
  redundant-index 141
  ip address 10.1.160.172
  protocol tcp
  port 90
  keepalive frequency 30
  keepalive port 90
  keepalive type tcp
  keepalive retryperiod 10
  active

content checklogin
  redundant-index 143
  vip address 10.1.163.172
  protocol tcp
  port 90
  balance leastconn
  add service checklogin1
  add service checklogin2
  active

2 Replies

jfoerster
Level 4

Hi,

Sounds as if the sourcegroup is missing. If you connect from 10.1.160.172 to 10.1.163.172, the return flow from the server will be directed to the "client". This causes the session to be half open for the CSS, and therefore the CSS tears down this connection. In other words, you have to source-NAT on the CSS in this scenario, as the server has to think that the request is coming from the CSS so that it answers towards the CSS and the CSS sees the return flow of the connection.

Hope that helps...

Kind regards,

Joerg

PS

If the servers do not have the CSS as default-gw for the real clients, you will run into this problem too.
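The return-path problem described in the reply above, as an added example that is not part of the original thread: a small Python model of one connection through the one-armed CSS, with and without source NAT. The client PC address 192.168.10.20 and the reuse of the VIP as the NAT address are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Addresses taken from the post.
SERVER_NET = ipaddress.ip_network("10.1.160.0/22")
VIP = "10.1.163.172"
# Assumption: the source group translates to an address the CSS owns;
# the content VIP is reused here for illustration.
NAT_IP = VIP

class Result(NamedTuple):
    reply_via_css: bool  # does the server's reply pass back through the CSS?
    reply_src: str       # source address the client sees on the reply
    established: bool    # does the client accept the reply?

def trace(client: str, real: str, source_nat: bool,
          gateway_is_css: bool = True) -> Result:
    """Follow one TCP handshake: client -> VIP -> real server -> client."""
    # Forward path: the CSS always rewrites the destination VIP -> real.
    # With source NAT it also rewrites the source client -> NAT_IP.
    seen_src = NAT_IP if source_nat else client

    # Return path: the server answers the source address it saw.
    if source_nat:
        via_css = True             # the CSS owns NAT_IP, so the reply reaches it
    elif ipaddress.ip_address(seen_src) in SERVER_NET:
        via_css = False            # on-link: sent directly (or looped back locally)
    else:
        via_css = gateway_is_css   # off-link: sent to the server's default gateway

    # Only the CSS can rewrite the reply source from the real server to the VIP.
    reply_src = VIP if via_css else real
    # The client connected to the VIP; a reply from another address is rejected,
    # and the CSS is left holding a half-open flow that it tears down.
    return Result(via_css, reply_src, reply_src == VIP)

if __name__ == "__main__":
    cases = [
        ("192.168.10.20", "10.1.160.151", False, True),   # client PC (constructed)
        ("10.1.160.172", "10.1.160.151", False, True),    # server to other server
        ("10.1.160.172", "10.1.160.172", False, True),    # server balanced to itself
        ("10.1.160.172", "10.1.160.151", True, True),     # same, with source NAT
        ("192.168.10.20", "10.1.160.151", False, False),  # the PS: gateway not CSS
    ]
    for case in cases:
        print(case, trace(*case))
```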
