Hi all.
I have a couple of questions with regard to configuring the CSS and would welcome some assistance.
Firstly the CSS has multiple servers on a subnet that provide different services. The VIP addresses are also on the same subnet.
The clients are on another subnet and we are using loopbacks on the servers to allow DSR for the purpose of logging IP addresses. This all works fine.
The problem that we now have is that we require server to server communication via VIPs also. This will obviously not work as the servers will respond directly to the source thereby breaking TCP communication and timing out.
My question is can the CSS provide static source NAT like the F5 Big-IP can which gets around this ? I have tried using the add destination service to hide the source address but this does not work either.
I have tried setting up a server to be NAT'd wherever it talks by using:
acl 1
clause 10 permit any x.x.x.x destination any sourcegroup DST
clause 50 permit any any destination any
apply circuit-(VLAN252)
This didn't work either.
Any ideas here ?
On final question, is it possible to have a VIP monitor another VIP so if one fails then the other does too ?
I can post the config is that will help.
Thanks in Advance.