Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Servers connected to CSS - only see themselves on port 80

I have a strange problem with a pair of web servers directly connected to our CSS - no matter what hostname I try to connect to port 80 from their command line, the connection si routed back to them. On any other port the connection goes to the real remote destination. How can I fix this?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Servers connected to CSS - only see themselves on port 80

to turn on the acl, you have to type 'acl enable'.

Send us your config if it does not work.

Also, do some troubleshooting.

Like 'show acl' to see if traffic hits the right one.

Gilles.

4 REPLIES
Cisco Employee

Re: Servers connected to CSS - only see themselves on port 80

you probably have a rule that catches all traffic sent to port 80.

So, this rule catches the connection open by the server and redirect it back to the server.

To avoid this issue, you need to create an ACL so the servers can bypass the content rule

Something like

acl 1

clause 10 bypass tcp x.x.x.x destination any

clause 99 permit any any destination any

apply all

Replace the x.x.x.x with your servers ip address.

Gilles.

New Member

Re: Servers connected to CSS - only see themselves on port 80

Hmm.

I did not have any ACLs in my config, and adding the example above didn't change the behavior. Attempting to visit anything outside on port 80 looped back to the VIP.

Cisco Employee

Re: Servers connected to CSS - only see themselves on port 80

to turn on the acl, you have to type 'acl enable'.

Send us your config if it does not work.

Also, do some troubleshooting.

Like 'show acl' to see if traffic hits the right one.

Gilles.

New Member

Re: Servers connected to CSS - only see themselves on port 80

`acl enable' did the trick. Alas - I'm always forgetting `commit' in sqlplus, too, so this is par for the course.

Thanks again...

-Walter

126
Views
0
Helpful
4
Replies
CreatePlease login to create content