cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
597
Views
0
Helpful
1
Replies

SLB and PIX/ASA device

rsik
Level 1
Level 1

I need to put a firewall device between a server load balancing (SLB) device and the real server(s). SLB uses Direct Server Return (DSR), in which case the VIP address is configured as the loopback address on the real server. Simply, the reason for the loopback address configuration is the fact that the server does not reply any arp request for the VIP, yet still serving any incoming requests for that VIP address.

So, when I put a firewall device between them, and enable NAT, the device will reply arp request for VIP as well. My goal is to configure a NAT for VIP to be able to get the packets forwarded to the real server, but no answer to the arp request for that VIP by the PIX/ASA device.

Any comment?

1 Reply 1

vkapoor5
Level 5
Level 5

With Device Manager you can enter device credentials for SLBs, which enable you to provision the device, delete or discover device services, change SNMP community strings, and set up device redundancy.

http://www.cisco.com/en/US/products/sw/cscowork/ps150/products_user_guide_chapter09186a0080504873.html

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080093de3.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: