We successfully migrated to a one-armed transparent proxy configuration with two SCA-2 boxes off a CSS11501. The reason for the migration was to allow the client (INET) source ip addresses to land on the server.
However ICMP echo replies broke. I fully understand why this happened as we are using 3 default routes and relying upon the " prefer ingress " behavior of the CSS as documented here :
Re: one armed transparent proxy configuration saga
Well, why is "originated packets" not an option? I would think that would work. The reason is that we don't set up a flow for ICMP, so our reply should use the originated packets route.
Also, you could make a host route for the station that needs to ping the VIPs. Then you don't need to worry about the extra routes. The only caveat is that the host defined in the host route will not be able to access the VIP as we won't use the extra routes for that host.
If those don't do it, then proxy mode will be your 3rd option.
Of course, use the actual MAC address of that gateway. The CSS pings default-gateways and we will need to turn that function off....
CSS11150(config)# ip no-implicit-service
That way, we will keep the routes in the table. We will not be able to ping the ".6" address from the CSS but will use the MAC address for all traffic originated from the CSS... I believe that will work for you. Is that an option?
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
Introduction Prepositioning is a powerful tools on the WAAS platform but
it is not always easy to figure out why your jobs are failing when
trying to retrieve the files.Here is a method that should help you to
figure out the reason why they are not succes...