Cisco Support Community

CSS FTP, Print and NAT

All,

I have configured up a content switch for a customer of ours that is having a new Oracle solution installed.

There are 6 Oracle servers, 3 database and 3 application.

I have configured up 1:1 contents as well as a 3:1 content to load-balance the web front end. I did this so that the developers can still access the servers.

This all works fine, except for a few issues:-

1. When an FTP session is initiated to any of the servers, the initial TCP handshake is passed, but then the session drops out and no FTP data is passed. I used a sniffer on this and the content switch is sending a TCP RST as soon as the first FTP packet leaves the server after the TCP handshake.

2. When one of the Oracle servers (on the 10.50.98.x addresses) tries to make a connection out (for sending data to a printer) this doesn't work at all. After a quick look, I realised that I needed to put on an ACL to push to an outbound group. I used the config:-

    group outbound
      vip address 10.50.99.100
      active

    acl 1
      clause 50 permit any any destination any
      clause 15 permit any 10.50.98.0 255.255.255.0 destination any sourcegroup outbound
      clause 10 permit any 10.50.98.0 255.255.255.0 destination 10.50.98.0 255.255.255.0
      apply circuit-(VLAN18)

    acl enable

----------------------------------------

This then stopped the box from doing anything....

Do I have the routing wrong on the box? Is there further config that needs configuring to enable FTP to work properly?

Do I need to be more specific with my ACL for the traffic coming from 10.50.98.x?

Many thanks in advance,

LH

** Config enclosed **

2 REPLIES

Re: CSS FTP, Print and NAT

All,

I've been doing some work on the FTP and it works fine in port mode using IE.

I'll get the Passive config sorted - does anyone have any good links?

LH

Cisco Employee

Re: CSS FTP, Print and NAT

As soon as you do acl enable, the default behavior of the CSS becomes deny any any.

So, if you did not apply an ACL on your client VLAN, then all your traffic is blocked.

For FTP config, there is a link at

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093de6.shtml

"Understanding and Configuring FTP on the CSS 11000"

Gilles.
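The behaviour described in the reply above (once `acl enable` is set, a circuit with no ACL applied passes nothing) can be checked before a change is committed. The following is an added example, not part of the original thread or of any Cisco tooling: it scans a CSS configuration for circuits that have no ACL applied while ACLs are globally enabled. The sample config is constructed; `VLAN18` and `acl 1` mirror the post, while `VLAN10` and all interface addresses are hypothetical, since the poster's full config is not shown.

```python
import re

# Constructed sample: VLAN18 and acl 1 follow the post; VLAN10 (client side)
# and the ip address lines are hypothetical placeholders.
SAMPLE_CONFIG = """\
circuit VLAN10
  ip address 192.0.2.1 255.255.255.0
circuit VLAN18
  ip address 10.50.98.1 255.255.255.0
acl 1
  clause 10 permit any 10.50.98.0 255.255.255.0 destination 10.50.98.0 255.255.255.0
  clause 15 permit any 10.50.98.0 255.255.255.0 destination any sourcegroup outbound
  clause 50 permit any any destination any
  apply circuit-(VLAN18)
acl enable
"""


def circuits_without_acl(config: str) -> list[str]:
    """Return circuits with no ACL applied while ACLs are globally enabled.

    Per the reply above, such circuits fall under the implicit deny any any.
    Only the presence of an applied ACL is checked, not what its clauses permit.
    """
    circuits, covered = [], set()
    acl_enabled = apply_all = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blanks and config comments
        if m := re.fullmatch(r"circuit\s+(\S+)", line):
            circuits.append(m.group(1))
        elif m := re.fullmatch(r"apply\s+circuit-\((\S+)\)", line):
            covered.add(m.group(1))
        elif line == "apply all":
            apply_all = True  # ACL applied to every circuit
        elif line == "acl enable":
            acl_enabled = True
    if not acl_enabled or apply_all:
        return []
    return [c for c in circuits if c not in covered]


if __name__ == "__main__":
    for name in circuits_without_acl(SAMPLE_CONFIG):
        print(f"circuit {name}: no ACL applied, traffic will be denied")
```
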
