Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9556
Views
0
Helpful
5
Replies

Unable to ping NLB Virtual IP Address from hosts in different subnets

syedhashmi455
Level 1
Level 1

‎05-18-2013 11:23 PM - edited ‎03-11-2019 06:46 PM

Hello Friends,

I have a problem pinging the virtual ip's of NLB from hosts of differrent subnets.

The Scenario is as below

Server Farm --- Cisco ASA Firewall (Internal Firewall) --- Lan Network --- Edge

All my servers reside in Server Farm which is behind the internal firewall. The server services dept are tryig to have a NLB for the few servers. Now the porblem is that the user (diff Vlan) is able to ping the physical ip of the server but not the virtual ip.

Can some one please provide the solution to this prolem?

Labels:
0 Helpful
5 Replies 5

mvsheik123
Level 7
Level 7

‎05-19-2013 06:48 AM

Hi,

Couple of checks- ICMP allowed on firewall for virtual IPs?  VIP showing up and reachable from server farm IPs? Also, NLB had any rules with ref to icmp related services/replies?

Thx

MS

0 Helpful

syedhashmi455
Level 1
Level 1
In response to mvsheik123

‎05-19-2013 07:36 AM

Hi MS,

Thanks for your response.

Yes, ICMP is allowed on the firewall for the virtual IP's and is also pingable from the firewall and the server farm, but the problem is the virtual ip's are not pingable from other subnets other than the server Vlan.

NLB has no rules with referrence to icmp.

Regards,

Ahmed

0 Helpful

mvsheik123
Level 7
Level 7
In response to syedhashmi455

‎05-19-2013 10:55 AM

Hi Ahmed,

Try enabling 'debug icmp trace' (or debug icmp trace 128) on ASA and try to ping the VIP. Check for icmp each & echo-reply. if you see both on ASA and ping fails,I guess, issue is somewhere else in the path.

Thx

MS

0 Helpful

syedhashmi455
Level 1
Level 1
In response to mvsheik123

‎05-20-2013 05:56 AM

Hi MS,

The results are as below when the debug is enabled:

The virtual ip is not seen in the debug list as it was not pinging from the user Vlan but pings ok from the server Vlan. Once the virtual ip is swapped with the physical ip, the pings are on from the user Vlan.

Next swap it back to the virtual ip, the ping continues to be ok from the user vlan.

So, in order to make the virtual ip work, I had to make it  physical and then to virtual. By doing this I could see both physical and virtual ip's in the debug list.

Not sure how to fix this?

Regards,

Ahmed

0 Helpful

mvsheik123
Level 7
Level 7
In response to syedhashmi455

‎05-20-2013 06:19 AM

Hi Ahmed,

Not sure what NLB in place, but below is some informational link on Microsoft..

http://social.technet.microsoft.com/Forums/en-US/winserverClustering/thread/39f5302a-9359-4d9b-9d76-7d97954d13c3/

I will reach out to NLB support , to make sure that there is no bug in the NLB OS version.

Thx

MS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card