11-12-2006 06:12 PM
the css connects to cisco 6509 by trunking,permit vlan all, on the css and 6509 creats vlan61. the real servers connect to 6509.on the css creat VIP address for vlan61 that the ip address is the same subnet.
the question is that the user can access the service supplied by the real servers and ping the VIP address,but can't access the service through the VIP address. through the show service summary command ,the services are all alive.
11-13-2006 12:14 AM
this is becaus your server bypasses the css for the response. You need to guarantee that the server response goes back to the CSS and not directly to the client.
Use a sniffer trace to see where the traffic is going and what is happening.
The ping are answered directly by the CSS because you have configured a L7 rule.
With an L3 rule, the ping would be forwarded to the servers and the response would also be asymetric causing a failure.
I believe I already told you this in a previou s post.
Gilles.
11-13-2006 01:05 AM
You are using one-armed mode.
Configuring group will enable source-natting and it will make sure that return traffic will go through CSS.
I hope it helps.
nayan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: