We are trying to figure out if it is possible to port forward traffic from the Internet to a CSS content rule and have it load balance across a set of services with-out a default gateway.
Here is what we have:
(Port forward SMTP from public IP to private IP VIP address on CCS)
| Internal Network A
| Internal Network B
| SMTP VIP on Internal Network C
Because the source IP is a public IP, we seem to only be able to make this work by configuring a global IP route of 0.0.0.0 0.0.0.0 to the Internal Network B IP on FirewallA.
Although it does work, we want to add another FirewallB for just HTTP traffic to be port forwarded to a different VIP; i.e. we want SMTP traffic through one firewall, and HTTP traffic through a different one. Now I have two paths to maintain a session. Can the CSS support this type of configuration? Is there a better way (we tried firewall load balancing the first time around, but were unable to get it to allow different protocols to go through different firewalls.)
Wow, that works! However, I don't understand how or why it works. Seems like there are now two paths to the same network.
On a related note, with multiple default gateways on the CSS, how could I direct all outbound traffic that originates from the servers to a single default gateway? Does the CSS just round robin outbound traffic accross equal cost paths?
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...