
CSS FTP, Print and NAT

leighharrison
Level 7

All,

I have configured up a content switch for a customer of ours that is having a new Oracle solution installed.

There are 6 Oracle servers, 3 database and 3 application.

I have configured up 1:1 contents as well as a 3:1 content to load-balance the web front end. I did this so that the developers can still access the servers.

This all works fine, except for a few issues:-

1. When an FTP session is initiated to any of the servers, the initial TCP handshake is passed, but then the session drops out and no FTP data is passed. I used a sniffer on this and the content switch is sending a TCP RST as soon as the first FTP packet leaves the server after the TCP handshake.

2. When one of the Oracle servers (on the 10.50.98.x addresses) tries to make a connection out (for sending data to a printer) this doesn't work at all. After a quick look, I realised that I needed to put on an ACL to push to an outbound group. I used the config:-

group outbound
  vip address 10.50.99.100
  active

acl 1
  clause 50 permit any any destination any
  clause 15 permit any 10.50.98.0 255.255.255.0 destination any sourcegroup outbound
  clause 10 permit any 10.50.98.0 255.255.255.0 destination 10.50.98.0 255.255.255.0
  apply circuit-(VLAN18)

acl enable

----------------------------------------

This then stopped the box from doing anything....

Do I have the routing wrong on the box? Is there further config that needs configuring to enable FTP to work properly?

Do I need to be more specific with my ACL for the traffic coming from 10.50.98.x?

Many thanks in advance,

LH

** Config enclosed **


leighharrison
Level 7

All,

I've been doing some work on the FTP and it works fine in port mode using IE.

I'll get the Passive config sorted - does anyone have any good links?

LH

Gilles Dufour
Cisco Employee

As soon as you do acl enable, the default behavior of the CSS becomes deny any any.

So, if you did not apply an ACL on your client VLAN, then all your traffic is blocked.

For FTP config, there is a link @

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093de6.shtml

"Understanding and Configuring FTP on the CSS 11000"

Gilles.
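
A pre-change check for the behaviour described in the reply above, added here as an example that is not part of the original thread or any Cisco tooling: it reads a CSS configuration and lists the circuits that have no ACL applied while `acl enable` is present. The sample config is constructed from the ACL in the post; the `circuit` stanzas, the client-side circuit name `VLAN1` and the interface addresses are assumptions.

```python
import re

# Constructed sample: the ACL from the post plus two circuit definitions.
# VLAN1 (client side) and both interface addresses are assumptions.
SAMPLE_CONFIG = """\
circuit VLAN1
  ip address 10.50.99.1 255.255.255.0
circuit VLAN18
  ip address 10.50.98.1 255.255.255.0
group outbound
  vip address 10.50.99.100
  active
acl 1
  clause 50 permit any any destination any
  clause 15 permit any 10.50.98.0 255.255.255.0 destination any sourcegroup outbound
  clause 10 permit any 10.50.98.0 255.255.255.0 destination 10.50.98.0 255.255.255.0
  apply circuit-(VLAN18)
acl enable
"""


def audit_acl_coverage(config: str) -> dict:
    """Return the circuits left without an ACL once ACLs are globally enabled."""
    circuits, covered = [], set()
    apply_all = acls_enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"circuit (\S+)", line):
            circuits.append(m.group(1))      # circuit definition
        elif m := re.fullmatch(r"apply circuit-\((\S+)\)", line):
            covered.add(m.group(1))          # ACL bound to one circuit
        elif line == "apply all":
            apply_all = True                 # ACL bound to every circuit
        elif line == "acl enable":
            acls_enabled = True              # default becomes deny any any
    blocked = []
    if acls_enabled and not apply_all:
        # A circuit with no ACL applied has no permit clause to match.
        blocked = [c for c in circuits if c not in covered]
    return {"acls_enabled": acls_enabled, "blocked_circuits": blocked}


if __name__ == "__main__":
    for name in audit_acl_coverage(SAMPLE_CONFIG)["blocked_circuits"]:
        print(f"circuit {name}: no ACL applied, traffic denied while ACLs are enabled")
```

Running it against a saved copy of the running config before typing `acl enable` shows which VLANs still need an ACL of their own.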
