Private addresses from CSS being seen on PIX internal interface
Ok I've been looking at this for three days now and I can seem to fix it. The short story is we use a CSS11503 code 7.02 as a one armed load balancer for several Proxy servers. Generally speaking, things are working. However, when traffic gets heavy, I start seeing the private addresses from behind the CSS (192.168.5.191 & 192) trying to access the internet without being NATed to (126.96.36.199 & 192). Someone please give me a hint. The basic config is below cutting out all of the junk..
service ProxyA ip address 192.168.5.191 keepalive type tcp keepalive port 8857 weight 2 active
service ProxyB ip address 192.168.5.192 keepalive port 8857 keepalive type tcp weight 2 active
content ISA add service ProxyB vip address 188.8.131.52 add service ProxyA flow-timeout-multiplier 225 advanced-balance sticky-srcip balance weightedrr active
content ProxyA add service ProxyA vip address 184.108.40.206 flow-timeout-multiplier 225 active
content ProxyB vip address 220.127.116.11 add service ProxyB flow-timeout-multiplier 225 active
Re: Private addresses from CSS being seen on PIX internal interf
They started out the same. I forgot to change some of those rules when I was working on this current problem. In any case, I've updated them all and still see the same results.
I addition, I read a note about the CSS being less efficient as a "one arm" so I connected a second interface and separaged "Internal" and "External" CSS interfaces. Don't know that it helped at all. Still getting the 192.168 address flowing out to my PIX. Wile I was tinkering yesterday, I did notice that by disabling the Group for a proxy server, ALL of his traffic continued to flow into my PIX without NAT. I didn't know that could happen. I figured without a Group assigned to a server, it couldn't pass traffic outside the CSS.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
Introduction Prepositioning is a powerful tools on the WAAS platform but
it is not always easy to figure out why your jobs are failing when
trying to retrieve the files.Here is a method that should help you to
figure out the reason why they are not succes...