Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
571
Views
0
Helpful
3
Replies

CSS 11501 configuration problem

v.ivanov
Level 1
Level 1

‎04-19-2006 02:59 AM

Hi All!

I have a CSS 11501 with sg0750004 (07.50.0.04) soft version.

I have a following configuration:

!************************* INTERFACE *************************

interface e8

trunk

vlan 54

vlan 53

!************************** CIRCUIT **************************

circuit VLAN54

ip address 192.168.15.98 255.255.255.0

circuit VLAN53

ip address 10.199.84.99 255.255.255.0

!************************** SERVICE **************************

service MAP

ip address 192.168.15.203

active

!*************************** OWNER ***************************

owner Test

content Tst_Test

vip address 10.199.84.203

add service MAP

active

!*************************** GROUP ***************************

group Tst_grp

add destination service MAP

vip address 10.199.84.203

active

I have a following problem:

I can successfully connect to 10.199.84.203 from subnet 10.199.84.0 only, i.e. i can't do that from others subnets.

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎04-19-2006 06:29 AM

you do not seem to have a default route configured on your CSS.

Try 'ip route 0.0.0.0 0.0.0.0 10.199.84.1' or dot whatever is the gateway ip.

Gilles.

0 Helpful

v.ivanov
Level 1
Level 1
In response to Gilles Dufour

‎04-19-2006 10:26 PM

My DG is 10.199.84.11 and I have this command in my config.

I am minotoring 802.Q Trunk on interface Ethernet8, аnd I see following situation:

1. Conenct from 10.199.84.98

10.199.84.981.....10.199.84.203....10.199.15.203

.....SYN >  

..........................SYN>

...........................................< SYN,ACK

.....................< SYN,ACK

......ACK >

.....................ACK >

That`s right.

2. When I try from another nets.

10.199.84.98 10.199.84.203 10.199.15.203

......SYN >

10.199.84.203 don`t translate to 10.199.15.203

Service MAP is Alive.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to v.ivanov

‎04-20-2006 03:50 AM

can you ping the CSS interface and vip from remote location ?

Do you have any acl ?

Could you capture and send us a 'show boot'.

Also, go into llama mode and enter the command

'flow trace-ip ' scr ip generating the syn.

'flow option 0x1'

Then send the traffic and verify if you get any entry in the log like

FLOWMGR-4: TCP in 192.168.20.137:81->192.168.20.112:11293 SYN

After doing test do a 'flow options 0x0' to stop debugging.

Thanks,

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents