Cisco Support Community
Community Member

Configuration Suggestions

Good afternoon all,

My company has decided to include some CSS 11503's in our network. I'm familiar with the product, what it is, and what it does, but I'm getting some mixed information from some sources on configuration.

Some are saying to configure my servers on local IP addresses, assign global VIP's to the content rules, and let the CSS NAT. Others are saying there's too much latency in that scenario and to configure globals right on my servers. The CSS will sit behind a pix 525 so I'm not concerned with having the servers globally assigned, but I'm being told configuring as such will bypass the CSS and not allow it to load balance???

Any input you folks have would be greatly appreciated.

Community Member

Re: Configuration Suggestions

You can't load balance without some latency. But the latency is << 1ms (where << means "much less than" for the non-math people). Your first suggestion will work very well for you.

Community Member

Re: Configuration Suggestions

I agree with drussell. We are currently running a CSS11150 with global VIPs configured with IPs on the same subnet as the servers and NAT is being performed on our PIX525. It works great!

Community Member

Re: Configuration Suggestions

Thanks for the input. It sounds as though our configurations are very similar. Currently we are experiencing issues with what we believe are the access lists in the PIX525. I was wondering if you wouldn't mind providing me with your ACL lists, minus of course any of your actual IP's.

Thank you.

CreatePlease to create content