Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
5
Helpful
3
Replies

CSS 11501 HTTP Redirect Troubles

mike.loether
Level 1
Level 1

‎05-22-2007 09:57 PM

Hi All,

We have installed a css 11501 to do simple http redirect load balancing. Things seem to be working, but there is one problem. Http traffic doesn't seem to be able to leave the NATed net behind the CSS. Meaning if you browse to the redirect service VIP you are redirected to a new Domain based on round robin. The web server sees the traffic and watching netstat you can see the connection is established. How ever the web client times out with out ever reciving anything.

From the web host you can ping the both the internal and external interfaces.

Doing a sh flows shows the connection progress and everything seems to be talking to the right interfaces and hosts.

Attached is the config.

I am looking at http redirect as it looks like the best option for a mixed http https enviroment with out upgrading to a 11501 w/SSl or a 115003.

Thanks for any help.

Mike

Labels:
Preview file
3 KB
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-23-2007 01:57 AM

Mike,

I do not see anything wrong in the config.

Are you sure the server response goes back through the CSS ?

Try to capture a sniffer trace on client and server side.

I'd like to say you have quite a tricky config for something that should be quite easy.

If you do a Layer3 rule and use sticky-srcip you should be able to loadbalance HTTP and HTTPS and guarantee that switching from one to another wil stick the client to the same server.

ie:

content main-rule

vip address 198.60.183.113

add service bb-app-live02

add service bb-app-live01

advanced-balance sticky-srcip

active

If you can't take a sniffer trace, you can also try to configure a source group to see if it solves the problem :

group client-nat

vip addr 192.168.1.25

add destination service bb-app-live01

add destination service bb-app-live02

active

Regards,

Gilles.

mike.loether
Level 1
Level 1
In response to Gilles Dufour

‎05-23-2007 09:27 AM

Gilles,

That worked like a charm.

Thanks,

Mike

0 Helpful

mike.loether
Level 1
Level 1
In response to mike.loether

‎05-23-2007 02:04 PM

Well at least it did until I added the SSL certs. Now as soon as it tries to go HTTPS I get a 12263 error in firefox, page can't be displayed in IE.

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents