Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
319
Views
0
Helpful
1
Replies

CSS deployment with PIX DMZ and Inside

yvasanthk
Level 1
Level 1

‎01-07-2007 10:19 PM

Hi,

I have two CSS11506 devices that need to be deployed for load balancing two sets of web servers (A,B) and (C,D). The servers (A,B) and (C,D) are totally independent and load balancing must be between the same set of servers.

The set (A,B) is placed on the DMZ interface of a PIX box. They are reachable from the internet.

The set (C,D) is placed on the inside interface and will be accessed only by internal users.

My requirement is to use both the CSS boxes with ASR for both the sets of servers.

I am thinking of creating another DMZ and placing the CSS boxes alone there. Any request from the inside or outside for these servers would go to this CSS DMZ and will be routed appropriately.

Is there any other solution? What security concerns should I address?

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎01-08-2007 12:12 AM

to guarantee the response from the servers to go back to the CSS, you will need to do source nating. So, just be aware that you will lose statistics of who is connecting to your servers.

If this information is a requirement, there will be no other solution than to use 2 CSS - one for dmz and one for inside.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents