Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE Module and FWSM problem

I have a Catalyst 6500 with an ACE and Firewall Service Module (FWSM) installed. See Diagram.

The server sits in VLAN 10 which is configured in both ACE and FWSM. The server load balancing is configured in DSR mode (Direct Server Return) which means that the request from the client goes through the VIP configured in the ACE but the server's default gateway point to the FWSM. The purpose is to avoid high volume return traffic from the server through the ACE. The client sits in VLAN 14. I am able to ping the VIP address. By pinging VIP I mean load balancing ICMP (not "loadbalance vip icmp-reply"). However SSL or SSH to the VIP does not work. I suspect this may be an issue with the FWSM but not sure. Any suggestions?

1 REPLY

Re: ACE Module and FWSM problem

FWSM is dropping it as it has not seen the initial packets (Assymetric traffic). You will need to disable stateful inspection on FWSM to make it work.

Syed Iftekhar Ahmed

150
Views
0
Helpful
1
Replies