05-24-2007 09:55 AM
I'm attempting to define servers in different VLANs/subnets in the same server farm. I can't find documentation on this. Can you help?
05-24-2007 11:00 AM
There is nothing special to do.
It does not matter for the loadbalancer if the servers are directly connected or not.
You just have to guarantee that they are reachable and that the return path from server to client goes through the loadbalancer (this is usually the most difficult part).
Gilles.
05-24-2007 11:26 AM
Thanks for your quick response. I tried this once but it appeared only one server would get a successful connection. I think you've diagnosed the problem. "Return Path" is the key.
05-25-2007 05:16 PM
I've tested it again. It is a "Return Path" problem but I can't come up with a solution. Using a NATPOOL statement in the SF I can only get one of the Servers to successfully establish a session. The one in the same NATPOOL of course. Is there another solution?
05-26-2007 03:23 AM
Could you show your serverfarm config and the VLAN config?
Gilles.
05-29-2007 08:04 AM
05-30-2007 06:15 AM
The solution in your case is to use bridge mode.
So, for every VLAN that you have, you'll need to create a setup like this:
FWSM --- Vlan X ---- CSM --- Vlan X' ---- Servers
Vlan X and X' will be part of the same subnet.
To tell the CSM to bridge those 2 VLANs, specify the same IP for both VLANs.
On the servers, you do not change anything.
The default gateway stays the FWSM.
Like this you guarantee that all the traffic goes across the CSM.
No need for any natpool.
No need for any natpool.
Gilles.
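A sketch of the bridged setup described in the reply above, added here as an illustration and not taken from either poster's configuration. The slot number, VLAN IDs, addresses and serverfarm name are constructed; the FWSM is assumed to hold the .1 address in each subnet.

```cisco
! Constructed example: CSM in slot 4, two server subnets, one serverfarm.
! Each subnet gets a client/server VLAN pair that shares one CSM IP address,
! which is what tells the CSM to bridge the pair.
module ContentSwitchingModule 4
 !
 ! Subnet A: Vlan 10 (FWSM side) bridged to Vlan 110 (server side)
 vlan 10 client
  ip address 192.168.10.5 255.255.255.0
  gateway 192.168.10.1
 !
 vlan 110 server
  ip address 192.168.10.5 255.255.255.0
 !
 ! Subnet B: Vlan 20 (FWSM side) bridged to Vlan 120 (server side)
 vlan 20 client
  ip address 192.168.20.5 255.255.255.0
  gateway 192.168.20.1
 !
 vlan 120 server
  ip address 192.168.20.5 255.255.255.0
 !
 ! One serverfarm with reals from both subnets. No client NAT pool:
 ! the servers keep the FWSM (.1) as default gateway, and their replies
 ! cross the CSM because it sits at layer 2 between them and the FWSM.
 serverfarm WEBFARM
  nat server
  no nat client
  real 192.168.10.11
   inservice
  real 192.168.20.11
   inservice
```

The servers' switch ports go in the server-side VLANs (110 and 120 here), and only the CSM joins each pair, so there is no path between server and FWSM that bypasses it.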
05-30-2007 11:35 AM
Your response forced me to hit the Cisco configuration books on this one. Bridged mode vs secure router mode vs one-armed mode. Couldn't remember which was what and what we were currently using.
We are currently using the one-armed mode on everything (I think) because the CSMs are in their own subnets. Please correct me if I'm wrong.
I know this seems simple to you but I've tried to come up with an understanding of what you are recommending. But I can't. Could you elaborate further?