I have a CSS11501 attached to one segment (A) on the FWSM. The actual web servers are on another segment (B). Users are sitting on segment C.
Users in C cannot get the screen over port 80 when they try to access the CSS. When we use another machine in the same CSS segment (A), we can access the servers via the CSS.
Also, if we use another real web server in segment A, where the CSS is sitting, all the users can access it. This proves that the firewall is allowing port 80 to be accessed from the user segment.
It seems like something special is required in either the CSS or the firewall configuration when clients are coming through the firewall.
Is there any experience that anybody can share with me for a similar situation?
When you say "when they try to access CSS", do you mean the VIPs configured on CSS?
If that is the case, then you need to verify whether the return traffic from the real server (when a request hits the VIP) is passing through the CSS or not.
If your client hits the VIP on the CSS and the CSS takes the request to the servers in segment B, the return traffic from these servers could hit the client directly (if your server's default gateway is the FWSM B segment interface and source NAT is not configured on the CSS).
Syed Iftekhar Ahmed
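
The return-path check described in the reply above, as an added illustration that is not part of the original thread: a small Python model that traces one request to the VIP and shows which source address the client sees on the reply, with and without source NAT on the CSS. All IP addresses, the `CSS_NAT` address and the function names are constructed for this example, and the model covers only the address mismatch at the client, not the FWSM's own connection tracking.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration; none of these values are from the thread.
SEG_A = ipaddress.ip_network("10.0.1.0/24")   # CSS segment
VIP = ipaddress.ip_address("10.0.1.100")      # VIP on the CSS
CSS_NAT = ipaddress.ip_address("10.0.1.10")   # assumed CSS source-NAT address
SERVER = ipaddress.ip_address("10.0.2.20")    # real server in segment B
CLIENT = ipaddress.ip_address("10.0.3.50")    # user in segment C

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

def css_forward(request, source_nat):
    """CSS rewrites VIP -> real server; with source NAT it also replaces the client source."""
    return Packet(src=CSS_NAT if source_nat else request.src, dst=SERVER)

def return_hops(reply):
    """The server's default gateway is the FWSM, which routes on destination IP only."""
    if reply.dst in SEG_A:
        return ["server", "FWSM", "CSS", "FWSM", "client"]
    return ["server", "FWSM", "client"]  # CSS never sees the reply

def simulate(source_nat):
    """Trace one request to the VIP and report what the client receives back."""
    to_server = css_forward(Packet(src=CLIENT, dst=VIP), source_nat)
    reply = Packet(src=to_server.dst, dst=to_server.src)
    hops = return_hops(reply)
    if "CSS" in hops:
        # CSS reverses both translations: source back to VIP, destination back to client.
        reply = Packet(src=VIP, dst=CLIENT)
    return {
        "hops": hops,
        "reply_src": str(reply.src),
        # The client's TCP stack only accepts replies from the address it connected to.
        "client_accepts": reply.src == VIP and reply.dst == CLIENT,
    }

if __name__ == "__main__":
    for nat in (False, True):
        print("source NAT on CSS:", nat, simulate(nat))
```

On a live network the same check is a packet capture on the client: a SYN sent to the VIP that is answered from the real server's address indicates the reply bypassed the CSS.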