Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hit the VIP from the server side behind the CSM in L2?

We have a CSM w/ 4.1.6 and would like our RIPS to be able to access a VIP on the same CSM they are on the same subnet but different vlans in L2 design. Any ideas to make this work?

1 REPLY
Silver

Re: Hit the VIP from the server side behind the CSM in L2?

According to DE, the SSL blade will apply its local subnet mask to the incoming packet's source IP. In your case, you had a /24 subnet mask configured on the SSL's vlan, so addresses that end with .0 or .255 would be discarded since the blade treated them as network or broadcast addresses.

The workaround is to configure the lowest subnet mask on the SSL proxy vlan where traffic is received (like a /8).

Configure ssl-proxy vlan with lowest mask to receive traffic or configure ssl-proxy vlan where traffic received to lowest mask (ie,. /8 mask) or load next maintenance release image 2.1(2)

117
Views
0
Helpful
1
Replies
CreatePlease to create content