We have 2 Linux webserver boxes in the DMZ configured with addresses 172.16.245.17 and 172.16.245.18. We have set up a virtual IP 172.16.245.16 between them and statically mapped it to a public address. I have opened inbound access from the .16 virtual address to inside. I have an issue. When I check the logs, instead of it talking on virtual address .16 I see a request is made by host .17. So my question is: do I need to open inbound for both the machines .17 and .18 instead of the single address .16? If that is the case, I am managing a huge access-list on the DMZ interface inside, as I am opening ports for both .17 and .18 instead of .16.
Also, my other question is: if .17 goes down, my ARP timeout is 14400, set to default, so it will take time for the MAC address for .16 to clear and get the MAC address of .18.
This is an issue with your Linux boxes; they are not talking on .16, which is their virtual address. Either a misconfiguration happened or else something is wrong. If they talk on .17 and .18 then you need to open up a hole for them.
For your other issue, you need to lower the ARP timeout, but it should not matter much, since once one PC is down the other will take over and start sending its MAC address instead. So the PIX should update it.
Thanks for the response, but as you told earlier, even if I don't change the ARP the PIX should update the new MAC address; it's not happening. I kept the default ARP 14400 and did show arp, and .16 and .18 had the same MAC address. Then I removed the network cable on .16 but it didn't refresh ARP until I cleared the ARP, and then .16 got the MAC address of .17. Any ideas?