view flows for one-arm configuration

cltoh
Level 1

How can I view the source IP address/port and destination/port when the CSS is configured as single arm?

I can only see it when using client/server mode using the sh flows command.

With Regards

Chin Lam

6 Replies

Gilles Dufour
Cisco Employee

The 'sho flow' commands should still work.

What do you see in one-armed?

Are you sure the server response goes back to the CSS?

Regards,

Gilles.

Hi,

Yes. I am able to see the flows now. I have another question: when I apply an ACL onto my interface, it seems like the CSS is dropping all the packets, but I am still able to see hit counts when I enter the show acl command. From the configuration, it mentioned that

ACLs filter inbound network traffic by controlling whether packets are forwarded or blocked at the CSS interfaces.

For one-arm configuration, how does the CSS consider the inbound traffic?

I had allow any any already, yet it still does not work.

Thanks

With Regards

Chin Lam

If you enable acl, don't forget there is a specific deny all.

So, you need to make sure to first permit all the interesting traffic before enabling acl.

With one-armed config, you're supposed to have only 1 interface. So 1 ACL applied only to inbound traffic which includes request from client and response from server.

Gilles.

I had the following acl applied and it still doesn't work.

acl 1
  clause 1 permit tcp any destination any
  apply circuit-VLAN(1)

Do you have standard keepalive?

If so, they are icmp and you should permit icmp, otherwise your services will be down.

Provide the full config if you want.

Gilles.

My keepalive is using TCP port 25 as the service is SMTP. My config is as follows:

service a
  ip add 1.1.1.1
  keepalives protocol tcp
  keepalives port 25
  active

service b
  ip add 1.1.1.2
  keepalives protocol tcp
  keepalives port 25
  active

content smtp
  vip add 2.2.2.2
  protocol tcp
  port 25
  add service a
  primarySorryServer b
  active

group smtp
  vip add 2.2.2.2
  add destination service a
  add destination service b
  active

acl 1
  permit tcp any any destination any
  apply circuit-VLAN(1)
