Showing results for 
Search instead for 
Did you mean: 

c6506 IOS SLB Across VRFs

I'm trying to setup IOS SLB in directed mode on a Cat6506. We are currently using IOS SLB is dispatched mode for other services. Below is the relevent config. Please note there is no L3 interface on the 6506 for the Virtual Servers network ( The gateway is an ASA which has L2 connectivity to the 6506. Also to note that the Server Farm network is within its own VRF.

ip slb serverfarm ADOBE-CONNECT

nat server

predictor leastconns

probe ADOBE

access Vlan130



  weight 1




  weight 1

  no inservice


ip slb vserver ADOBE-TCP443
virtual tcp https
serverfarm ADOBE-CONNECT
sticky 60
idle 600
ip slb vserver ADOBE-TCP80
virtual tcp www
serverfarm ADOBE-CONNECT
sticky 60
idle 600
What happens is essentially nothing as you can see below 0 connections have occured, and 0 syns. "debug ip slb all" shows absolutely nothing in regards to this VServer.
ADOBE-TCP80, state = OPERATIONAL, v_index = 19, interface(s) = <any>
  virtual =, TCP, service = NONE, advertise = TRUE
  server farm = ADOBE-CONNECT, delay = 10, idle = 600
  sticky: client ip, timer = 60, subnet =
  sticky: group id = 4098 <assigned>
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 23, syns = 0,  syn drops = 0
  standby group = None
However on the 6506 when I do a SPAN on the trunk interface between the 6506 and the ASA I can see the packet TCP SYNs arriving at the 6506. Where ever they go from there..... I have no clue. This SPAN/packet capture also shows the ARP requests from the ASA for the virtual IP address, however there is never a response.

Calin C.


In which VLANs are the interfaces up to ASA and down to real servers?

Next, if you take out "access vlan 130" and try, does it work?

Last, you are speaking about VRFs...but on C6500 you have only L2 configuration, as I understood. Where are the VRFs defined?

Sorry for so many questions, but I'm trying to help you!


Interface Gi1/21 is a trunk interface on the c6506 and faces the ASA. It trunks VLAN 131 which is the DMZ network. The vserver IP address is within this DMZ network.

The "real" server is on a VMware box and utilizes port Gi2/19 this is also a trunk port which contains VLAN 130. The c6506 has a layer 3 interface for this VLAN, VLAN130. This interface is in the "app" VRF with an IP address of, eventually it will be running HSRP with a virtual address of

I have tried taking out all of the access commands. Nothing changes from what I can see.

I hope I have answered your questions. Your help is greatly appreciated.