CSM Servers in Serverfarm in different VLANs/subnets

Answered Question
May 24th, 2007

I'm attempting to define servers in different VLANs/subnets in the same server farm. I can't find documentation on this. Can you help?

Correct Answer
Gilles Dufour Thu, 05/24/2007 - 11:00

There is nothing special to do.

It does not matter for the loadbalancer if the servers are directly connected or not.

You just have to guarantee that they are reachable and that the return path from server to client goes through the loadbalancer. [This is usually the most difficult part.]

Gilles.

jseelbach Thu, 05/24/2007 - 11:26

Thanks for your quick response. I tried this once but it appeared only one server would get a successful connection. I think you've diagnosed the problem. "Return Path" is the key.

jseelbach Fri, 05/25/2007 - 17:16

I've tested it again. It is a "Return Path" problem but I can't come up with a solution. Using a NATPOOL statement in the SF I can only get one of the Servers to successfully establish a session. The one in the same NATPOOL of course. Is there another solution?

jseelbach Tue, 05/29/2007 - 08:04

I think I've found the problem but please verify. I failed to include the FWSM default GW in the server vlans 2056 & 3056.

Attached is the CSM config file. The new serverfarm I'm having problems with is the VMSHRPT.

Gilles Dufour Wed, 05/30/2007 - 06:15

The solution in your case is to use bridge mode.

So, for every VLAN that you have, you'll need to create a setup like this:

FWSM --- Vlan X ---- CSM --- Vlan X' ---- Servers

Vlan X and X' will be part of the same subnet.

To tell the CSM to bridge those 2 VLANs, specify the same IP for both VLANs.

On the servers, you do not change anything.

The default gateway stays the FWSM.

Like this you guarantee that all the traffic goes across the CSM.

No need for any natpool.

Gilles.
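The return-path rule from the post above can be checked on paper before touching the CSM. The following is an added example, not part of the original thread and not a Cisco tool: a small Python model that flags servers whose replies could reach their gateway without crossing the CSM. The class names, VLAN ids and addresses are all hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface

@dataclass(frozen=True)
class BridgedPair:          # one FWSM --- Vlan X --- CSM --- Vlan X' --- Servers leg
    client_vlan: int        # Vlan X, where the FWSM interface sits
    server_vlan: int        # Vlan X', where the real servers sit
    csm_client_ip: str      # CSM address on Vlan X (CIDR)
    csm_server_ip: str      # CSM address on Vlan X' (CIDR)

@dataclass(frozen=True)
class Server:
    name: str
    vlan: int               # VLAN the server is attached to
    ip: str
    gateway: str            # default gateway configured on the server
    gateway_vlan: int       # VLAN the gateway interface is attached to

def return_path_problems(pairs, servers):
    """List (server name, reason) for servers whose replies can bypass the CSM."""
    by_server_vlan = {p.server_vlan: p for p in pairs}
    problems = []
    for s in servers:
        pair = by_server_vlan.get(s.vlan)
        if pair is None:
            problems.append((s.name, "not on a CSM server-side VLAN"))
            continue
        if ip_interface(pair.csm_client_ip) != ip_interface(pair.csm_server_ip):
            problems.append((s.name, "VLAN pair has different CSM IPs, not bridged"))
            continue
        net = ip_interface(pair.csm_client_ip).network
        if ip_address(s.ip) not in net or ip_address(s.gateway) not in net:
            problems.append((s.name, "server or gateway outside the bridged subnet"))
        elif s.gateway_vlan != pair.client_vlan:
            problems.append((s.name, "gateway not on client-side VLAN, replies skip CSM"))
    return problems

# Constructed sample topology (documentation addresses, made-up VLAN ids).
PAIRS = [BridgedPair(10, 110, "192.0.2.5/24", "192.0.2.5/24"),
         BridgedPair(20, 120, "198.51.100.5/24", "198.51.100.6/24")]
SERVERS = [
    Server("web1", 110, "192.0.2.11", "192.0.2.1", 10),    # gateway behind the CSM
    Server("web2", 110, "192.0.2.12", "192.0.2.1", 110),   # gateway reachable directly
    Server("rpt1", 120, "198.51.100.11", "198.51.100.1", 20),
]

if __name__ == "__main__":
    for name, reason in return_path_problems(PAIRS, SERVERS):
        print(f"{name}: {reason}")
```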

jseelbach Wed, 05/30/2007 - 11:35

Your response forced me to hit the Cisco configuration books on this one. Bridged mode vs secure router mode vs one-armed mode. Couldn't remember which was what and what we were currently using.

We are currently using the one-armed mode on everything (I think) because the CSMs are in their own subnets. Please correct me if I'm wrong.

I know this seems simple to you but I've tried to come up with an understanding of what you are recommending. But I can't. Could you elaborate further?
