Re: web page is not opening through content switch virtual ip

ramachandra.p · ‎11-09-2006

Hi,

My lab toplogy is attached. For temproary im my pix firewall i given the full access in all interfaces. Inside vlan with segment 192.168.1.0 is L2 vlan routing will be taken care by pix firewall. In content switch 2 circuit vlans are created and from 2nd port connected to inside vlan of the switch. content vip 192.168.2.5 people from outisde they can ping 192.168.2.5 but through content switch they cannot able to open the web server page. Please help me to resolve the issue.

regards,

Ram

Gilles Dufour · ‎11-09-2006

is the default gateway of the servers the CSS or the pix ?

You can try to configure the following

group clientnat

vip 192.168.2.5

add destination service

<...>

active

!

If it works after configuring the above, you have a problem of asymetric routing.

If not, capture a trace on client and server simultaneously and see what is going on.

Gilles.

ramachandra.p · ‎11-09-2006

Hi gdufour,

Thanks for your response. Servers gateway is 192.168.1.1. Please let me know it is necessary to put in L3 rule is following command.

L3_Rule

url "/*"

Regards,

Ram

Gilles Dufour · ‎11-10-2006

if your gateway is 192.168.1.1, which is the pix, you definitely have an asymetric routing issue. The solution of client nat that I gave you should solve the problem.

Another option is to set the default gateway to be the CSS.

Finally, the url command is to force the CSS to spoof the connection. So, this is not a L3 rule anymore but a L7 rule.

This is why the ping works. Because the CSS will respond the ping.

While the http request will be sent to the server and the response will never make it back to the css [which is supposed to send to the client].

Gilles.