Active Directory authentication from servers behind the css

frbilbrey
Level 1

Hi, currently for testing purposes we have had a one-armed configuration that works using client NAT. Now, due to an application requirement, the original requesting client IP must be known. When I isolated a server completely behind the CSS, it can no longer reach the AD controllers to perform AD-related functions and authentication. How do I configure the CSS to allow this traversal to outside network services from the machines behind the CSS?

Thanks, Bob

1 Reply

frbilbrey
Level 1

I should have included the config. Right now this config works fine. One NIC is on the 10.10.20.0 behind the CSS, the other NIC is on the 172.15.16.0 on the regular network.

!*************************** GLOBAL ***************************
  no restrict web-mgmt
  dns-server forwarder primary 172.16.51.243
  dns-server forwarder secondary 172.16.51.244
  ssl associate dhparam diffehkey diffehkey
  ssl associate rsakey webdevrsakey webdevrsakey
  ssl associate cert virdevweb virdevweb.crt
  ip route 0.0.0.0 0.0.0.0 172.16.51.1 1

!************************* INTERFACE
interface e2
  bridge vlan 10

!************************** CIRCUIT
circuit VLAN1
  ip address 172.16.51.186 255.255.254.0

circuit VLAN10
  ip address 10.10.20.254 255.255.255.0

!*********************** SSL PROXY LIST
ssl-proxy-list devwebslllist
  ssl-server 20
  ssl-server 20 vip address 172.16.51.187
  ssl-server 20 dsacert virdevweb
  ssl-server 20 rsacert virdevweb
  ssl-server 20 rsakey webdevrsakey
  ssl-server 20 dhparam diffehkey
  ssl-server 20 unclean-shutdown
  ssl-server 20 cipher rsa-with-rc4-128-md5 172.16.51.187 80
  active

!************************** SERVICE
service DevSvr1BT
  ip address 10.10.20.3
  port 9010
  string BusinessTier
  protocol tcp
  active

service DevSvr1MD
  ip address 10.10.20.3
  protocol tcp
  port 9012
  string MetaDataCache
  active

service DevSvr1db
  ip address 10.10.20.3
  port 9011
  string DBCache
  protocol tcp
  active

service DevSvr1www1
  protocol tcp
  port 80
  string DevSvr1www1
  keepalive type http
  ip address 10.10.20.2
  active

service DevSvr2BT
  port 9010
  string BusinessTier
  ip address 10.10.20.5
  protocol tcp
  active

service DevSvr2MD
  protocol tcp
  port 9012
  string MetaDataCache
  ip address 10.10.20.5
  active

service DevSvr2db
  port 9011
  string DBCache
  ip address 10.10.20.5
  protocol tcp
  active

service DevSvrssl1
  protocol tcp
  port 443
  string DevSvrssl1
  keepalive type http
  ip address 10.10.20.2
  active

service DevSvrwww2
  protocol tcp
  port 80
  string DevSvrwww2
  keepalive type http
  ip address 10.10.20.4
  active

service sslmodule2
  type ssl-accel
  keepalive type none
  slot 2
  add ssl-proxy-list devwebslllist
  active

!*************************** OWNER
owner devrules
  dns accept
  dnsbalance leastloaded

  content VirDevAppBT
    vip address 172.16.51.187
    protocol tcp
    port 9010
    dnsbalance leastloaded
    balance leastconn
    failover next
    add service DevSvr2BT
    add service DevSvr1BT
    active

  content VirDevAppDB
    protocol tcp
    vip address 172.16.51.187
    port 9011
    dnsbalance leastloaded
    balance leastconn
    failover next
    add service DevSvr2db
    add service DevSvr1db
    active

  content VirDevAppMD
    protocol tcp
    vip address 172.16.51.187
    port 9012
    dnsbalance leastloaded
    balance leastconn
    add service DevSvr2MD
    add service DevSvr1MD
    active

  content VirDevWeb
    vip address 172.16.51.187
    balance leastconn
    failover next
    add service DevSvr1www1
    add service DevSvrwww2
    protocol tcp
    port 80
    url "/*"
    dnsbalance leastloaded
    sticky-serverdown-failover sticky-srcip-dstport
    advanced-balance sticky-srcip-dstport
    active

  content VirDevWebSSL
    vip address 172.16.51.187
    protocol tcp
    port 443
    add service sslmodule2
    active

!*************************** GROUP
group client-nat
  vip address 172.16.51.187
  add destination service DevSvr1www1
  add destination service DevSvr2BT
  add destination service DevSvr1BT
  add destination service DevSvr2MD
  add destination service DevSvr1MD
  add destination service DevSvr2db
  add destination service DevSvr1db
  add destination service DevSvrwww2
  add destination service sslmodule2
  active
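
To see which load-balanced services in a config like the one above sit behind client NAT (their servers see the group VIP as the source instead of the real client address), this added example, which is not part of the original post, parses the `group` and `content` sections. The sample config is constructed in the posted style, `client_nat_report` is a hypothetical helper name, and the `active` state of a group is not checked.

```python
import re

# Constructed sample in the style of the posted config. DevSvrwww2 is left out
# of the group on purpose so that both outcomes show up in the report.
SAMPLE = """\
service DevSvr1www1
  protocol tcp
  port 80
  ip address 10.10.20.2
  active
service DevSvrwww2
  protocol tcp
  port 80
  ip address 10.10.20.4
  active
owner devrules
  content VirDevWeb
    vip address 172.16.51.187
    add service DevSvr1www1
    add service DevSvrwww2
    active
group client-nat
  vip address 172.16.51.187
  add destination service DevSvr1www1
  active
"""

def client_nat_report(config):
    """Map each service used by a content rule to the NAT group VIP, or None."""
    section = name = None
    group_vip, nat_member, rule_services = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()  # tolerates indented and flattened dumps alike
        if not line or line.startswith("!"):
            continue
        head = re.match(r"(service|owner|content|group)\s+(\S+)$", line)
        if head:
            section, name = head.groups()
        elif section == "group" and line.startswith("vip address "):
            group_vip[name] = line.split()[2]
        elif section == "group" and line.startswith("add destination service "):
            nat_member[line.split()[3]] = name  # service -> group that NATs it
        elif section == "content" and line.startswith("add service "):
            rule_services.append(line.split()[2])
    return {s: group_vip.get(nat_member.get(s)) for s in rule_services}

if __name__ == "__main__":
    for service, vip in client_nat_report(SAMPLE).items():
        print(service, "source rewritten to " + vip if vip else "sees real client IP")
```
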
