Thanks for your quick response. I tried this once but it appeared only one server would get a successful connection. I think you've diagnosed the problem. "Return Path" is the key.

I've tested it again. It is a "Return Path" problem but I can't come up with a solution. Using a NATPOOL statement in the SF I can only get one of the Servers to successfully establish a session. The one in the same NATPOOL of course. Is there another solution?

could you show your serverfarm config and the vlan config.

Gilles.

I think I've found the problem but please verify. I failed to include the FWSM default GW in the server vlans 2056 & 3056.

Attached is the CSM config file. The new serverfarm I'm having problems with is the VMSHRPT.

The solution in your case, is to use bridge mode.

So, for every vlan than you have, you'll need to create a setup like this

FWSM --- Vlan X ---- CMS --- Vlan X' ---- Servers

Vlan x and x' will be part of the same subnet.

To tell the csm to bridge those 2 vlans, specify the same ip for both vlan.

on the servers, you do not change anything.

The default gateway stays the FWSM.

Like this you guarantee that all the traffic goes accross the CSM.

No need for any natpool.

Gilles.

Your response forced me to hit the Cisco configuration books on this one. Bridged mode vs secure router mode vs one-armed mode. Couldn?t remember which was what and what we were currently using.

We are currently using the one armed mode on everything (I think ) because the CSMs are in their own subnets. Please correct me if I?m wrong.

I know this seems simple to you but I?ve tried to come up with an understanding of what you are recommending. But I can?t. Could you elaborate further.