Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
3
Replies

Can't access the servers after migrating to CSM-S

hussainmo
Level 1
Level 1

‎07-20-2006 06:25 AM

Hello,

We have a telnet application that can not use client NAT. For these application servers we have been using the VRRP address of the CSSs as default gateway instead of the HSRP address of the routers on that vlan. This is to keep the return traffic going through the CSS to keep consistent flows.

Today we moved this application to the CSM and now the application works fine but if we try to terminal session into the server it does not work. Additionally if we telnet to the VIP its ok but does not work if its tried directly on one of the servers on the server farm. Ping and trace route works ok to the servers. My understanding of the issue is that the CSM discarding the return traffic from the servers because its not stateful as the incoming traffic goes directly from the router to the server. BTW the same configuration works with a CSS so maybe its something to do with the CSM.

Thanks for any input.

Murtaza

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎07-20-2006 07:15 AM

Murtaza,

the CSM does not route by default from vlan to vlan except for server initiated connections.

To allow the routing and therefore access via telnet to you servers, you need to configure a vserver to allow this traffic.

ie:

vlan server XXX

ip x.x.x.x

serverfarm route

predictor forward

no nat server

vserver to_server

vip x.x.x.0/24 any

serverfarm route

inservice

Gilles.

0 Helpful

hussainmo
Level 1
Level 1
In response to Gilles Dufour

‎07-21-2006 01:27 AM

Gilles,

I tried the config and it still does not work although I can see the new vserver created for routing:

ROUTE SLB any 141.122.88.0/25:0 ALL OPERATIONAL 0

and the serverfarm as well:

serverfarm ROUTE

no nat server

no nat client

predictor forward

The vlan serer is configured as well:

vlan 202 server

ip address x.x.x.86 255.255.255.128 alt x.x.x.91 255.255.255.128

route 0.0.0.0 0.0.0.0 gateway x.x.x.1

alias x.x.x.84 255.255.255.128

Thanks,

Murtaza

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to hussainmo

‎07-21-2006 05:54 AM

do you see any hits on the vserver when you open a connection to the server ?

Try to capture a sniffer trace to see what's going on.

Capture the client and server vlan.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents