can I configure vip address on both sides?

Unanswered Question
Mar 7th, 2008
User Badges:

Hi,


I have some servers in both side of CSS and I would like they communicate.


My question is: "Can I configure on both sides the VIP address?"


Can anyone give me an answer?


thank you.

Regards.


G.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 03/13/2008 - 00:57
User Badges:
  • Cisco Employee,

a vip is not associated to a particular interface on the CSS.

So, the client can come in on any interface, it will match the vip no problem.

However, if your client is in vlan X and the vip in vlan Y, your client will need a route with a gateway in vlan X in order to reach vlan Y.


You can also create the exact copy of the content rule and change the ip address so it is part of the same subnet as the client.

This to avoid the static route.


Gilles.

htarra Thu, 03/13/2008 - 11:43
User Badges:
  • Bronze, 100 points or more

First, it looks like the content has not been activated.

We should see the keyword "active" under the content rule definition.

Verify that your rule is alive with a 'sho summary'.


Next, you need to configure static route on the CSS so it knows how to reach clients.

You should at least have a default route.

Simply configure it with the command 'ip route 0.0.0.0 0.0.0.0 x.x.x.x'.


The nating is not needed if the response from the servers always go through the CSS.

If they are connected to the CSS this should be the case.

If they are not connected to the CSS, you should make the CSS the default gateway for the servers.

If that is not possible you will need nating.

In this case, simply add the command 'add destination service x.z.com' under the group definition.


Finally be aware that with this config, when you ping the VIP, the ping packet is loadbalanced to the servers and they are responsible to respond.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/Firewall.html#wp1015830



Actions

This Discussion