Re: unable to access content from same subnet

eisenberg · ‎06-28-2011

I have a two-armed CSS that is currently in production. All works fine except for the fact that devices that sit on the same subnet that the CSS VIPs live on are unable to access sites hosted by those VIPs. The devices are able to ping the VIPs, but are unable to access the hosted sites on those VIPs. Is this a default gateway issue?

Daniel Arrondo Ostiz · ‎06-29-2011

Good morning,

I would recommend you to review the traffic flow in detail. It could be that, for that specific subnet and those VIPs, the topology is actually one-arm. If so, have a look at the link below

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

I can help you with this if you show me your full configuration. Alternatively, you can also open a TAC service request to have it investigated further.

Regards

Daniel

eisenberg · ‎06-30-2011

I have attached my config.You will see that I have the two-armed config. My wording in the initial posting made it appear that I have a one-armed config which I do not.

I have a server that lives on the 10.100.31.x subnet that is able to ping the VIP 10.100.31.51, but cannot access the web site hosted on 10.100.31.51. There is an upstream hosting firewall that NATs X.X.X.X.51 to 10.100.31.51. Users on the Internet are able to access this load balanced site from the Internet.

..I just do not know why devices that live parallel to the CSS are unable to access sites fronted by VIPs that live on the CSS.

pablo.nxh · ‎06-30-2011

Hi,

You can take a look at the post below; seems you're running into the same issue:

https://supportforums.cisco.com/thread/2060583

HTH

__ __

Pablo