SLB and PIX/ASA device

Unanswered Question

I need to put a firewall device between a server load balancing (SLB) device and the real server(s). SLB uses Direct Server Return (DSR), in which case the VIP address is configured as the loopback address on the real server. Simply, the reason for the loopback address configuration is the fact that the server does not reply any arp request for the VIP, yet still serving any incoming requests for that VIP address.

So, when I put a firewall device between them, and enable NAT, the device will reply arp request for VIP as well. My goal is to configure a NAT for VIP to be able to get the packets forwarded to the real server, but no answer to the arp request for that VIP by the PIX/ASA device.

Any comment?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vkapoor5 Fri, 06/08/2007 - 10:08

With Device Manager you can enter device credentials for SLBs, which enable you to provision the device, delete or discover device services, change SNMP community strings, and set up device redundancy.


This Discussion