Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Load balance on CSM with both Firewalsl and Cache engines

Hi,

I'm come from VDC#3 ( Vietnam) , we have 2 CSM , 3 firewall , and 8 CE 7325. We configed dual CSMs load balance for 3 FW, and now we want to use one CSM to load balance for CEs. Can you hint me best topylogy network?

Thanks

6 REPLIES
Cisco Employee

Re: Load balance on CSM with both Firewalsl and Cache engines

I would create the vserver and serverfarm for the CE on the internal CSM.

Simply configure it as if there was not fwlb.

I don't know what else to say.

Regards,

Gilles.

New Member

Re: Load balance on CSM with both Firewalsl and Cache engines

That's right , i've done.

But I has a problem. I configured vserver and CE serverfarm, but i can't telnet or ssh to CEs for management because i configued CEs on CSM server side.

Can you explain for me a best network topology for our case?

Cisco Employee

Re: Load balance on CSM with both Firewalsl and Cache engines

your topology is correct.

The problem is your config.

If you need access to the CE ip addresses, you need to configure a vserver to allow this traffic.

Something like

serverfarm FORWARD

no nat server

no nat client

predictor forward

!

vserver access2ce

vip x.x.x.0/24 any

serverfarm FORWARD

ins

Replace x.x.x.0/24 with the subnet used by the CE.

Regards,

Gilles.

Thanks for rating this answer.

New Member

Re: Load balance on CSM with both Firewalsl and Cache engines

I've configured all. It's running ok now. Thanks for all your help.

But We have other problem come from our Custumer.

Our custumer needs to access to website : http://Channel.telerate.com.sg.

After authenticate, this website would download java streaming from port 6080 and 14000. But after I take CEs working, our custumer can not access to use that website.

Can someone help me again?

Cisco Employee

Re: Load balance on CSM with both Firewalsl and Cache engines

start by capturing a sniffer trace and see what happens with connections to port 6080 and 14000.

Do you have a vserver to catch and allow this traffic ?

Thanks in advance for rating my answers.

Gilles.

New Member

Re: Load balance on CSM with both Firewalsl and Cache engines

This is my config:

vserver FROMCACHE

virtual 0.0.0.0 0.0.0.0 tcp www

vlan 320

serverfarm FWINT-SEC-SF

persistent rebalance

parse-length 2000

inservice

vserver TRANSPARENT

virtual 0.0.0.0 0.0.0.0 tcp www

vlan 3

serverfarm CACHE

persistent rebalance

parse-length 2000

slb-policy CACHE-POLICY

inservice

Can you talk more clearly: " sniffer trace" ?

119
Views
0
Helpful
6
Replies
CreatePlease login to create content