We are using a CSS-11501 version 7.5 to load balance SSL connections to a pair of Citrix Web Interface servers. The CSS is connected to a DMZ interface of an ASA5520 on one side, and a 3550 with the web interface servers on the other side. Citrix app servers are in the internal network.
The problem is that users are dropped after 45-75 minutes. If the load balancer is bypassed by suspending the service and connecting to the server IP, the drops stop occurring. Sniffer traces indicate it is the Citrix 1494 connection between the Web server and the internal Citrix server that is being dropped.
Tried extending TCP flow, and sticky timeouts but no change.
Is it possible to disable the NAT function on the 1494 backend connection and still allow load balancing of the 443 client connection?
You will do a Port translation so however you do it you will be "translating". Have you tried upgrading to a newer version ? 8.X is out. Not sure it will have fix for it but it might well be worth a try.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...