Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSS deployment with PIX DMZ and Inside

Hi,

I have two CSS11506 devices that need to be deployed for load balancing two sets of web servers (A,B) and (C,D). The servers (A,B) and (C,D) are totally independent and load balancing must be between the same set of servers.

The set (A,B) is placed on the DMZ interface of a PIX box. They are reachable from the internet.

The set (C,D) is placed on the inside interface and will be accessed only by internal users.

My requirement is to use both the CSS boxes with ASR for both the sets of servers.

I am thinking of creating another DMZ and placing the CSS boxes alone there. Any request from the inside or outside for these servers would go to this CSS DMZ and will be routed appropriately.

Is there any other solution? What security concerns should I address?

1 REPLY
Cisco Employee

Re: CSS deployment with PIX DMZ and Inside

to guarantee the response from the servers to go back to the CSS, you will need to do source nating. So, just be aware that you will lose statistics of who is connecting to your servers.

If this information is a requirement, there will be no other solution than to use 2 CSS - one for dmz and one for inside.

Gilles.

106
Views
0
Helpful
1
Replies
CreatePlease to create content