11-24-2008 09:51 AM - edited 03-11-2019 07:17 AM
I am trying to map a Public IP to private Virtual IP on the load balancer which forwards the traffic to web servers.
I have done all the necessary configurations on ASA, but the web service is still not accessible from the internet.
Configuration:
Outside IP: 95.12.60.31
Inside IP (VIP): 10.1.1.1
static (inside,outside) 95.12.60.31,10.1.1.1 netmask 255.255.255.255
access-list outside_in extended permit ip any any
access-group outside_in in interface OUTSIDE
The web service is accessible locally on 10.1.1.1 IP. While I am accessing via the public IP over the internet I can see following on 'sh conn' display
TCP out 66.72.101.23:2984 in 10.1.1.1:80 idle 0:00:02 bytes 0 flags AX
What could be wrong. Please assist.
11-24-2008 10:23 AM
Does your load balancer have a default route going out?
11-24-2008 10:34 AM
Yes. The default route is present.
I didn't mention earlier that the ping to public IP over the internet is successful. I have also configured the load balancer for ping requests.
Any other clues.
11-24-2008 10:39 AM
When the NAT translation dies, what is the byte count? I assume you have hit counts on your ACL?
11-24-2008 10:59 AM
Yes. There are hit counts on the access-list for every hit via the browser. Something like
11-24-2008 11:01 AM
Maybe a packet cpature between the two (or on the pix/asa) will shed some light. From the firewall you can ping the VIP correct?
11-24-2008 11:15 AM
Yes. I am able to ping the VIP from firewall.
I will try the capture tommorow. In the meanwhile any other suggestions will be great.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: