Cisco Application :: 11503 Ping For One Virtual Host
Apr 27, 2013
I have a single cisco 11503 load balancer.There is a single Banner student information system which is load balanced on it with Virtual ip 10.3.20.101 which is working fine without any issues .I am now trying to add an Oracle ERP application with virtual IP 10.3.20.230 and physical ips 10.3.19.22 and 10.3.19.23 all on port 8003.When I just make the group ERP-Apps-Grp active , the vitual ip address 10.3.20.230 is pingable , but when I make the the content Erp_IAT active it stops pinging. [code]
View 6 Replies
ADVERTISEMENT
Aug 1, 2011
Is the XFF [URL] on the Cisco CSS 11503? If not, is it on the roadmap for a future code release?
View 1 Replies
View Related
Jun 9, 2009
i need the MIB object names for monitoring the processor and Memory Utilization of CSS 11503 with software version 7.50 Where can I find it?
View 5 Replies
View Related
Jul 19, 2011
I have a number of web sites that are currently being load balanced by CSS 11503s runninng 8x code. I was recently requested to configure HTTP --> HTTPS redirects on the CSS for every site. In the past, I have only configured the redirects for sites that had a requirement. Now it appears that the server teams want all content encrypted.
1) What impact will this have on the CPU?
2) What impact will this have on Memory utilization?
3) Is there a maximum nubmer on redirects?
4) Are there other things I should be concerned about?
View 3 Replies
View Related
Mar 24, 2013
i have two CSS-11503 in redundant mode running 8.20 code. We had an incident in our network where a layer 2 loop caused some high traffic through the CSS' and had to shutdown some network gear(including the CSS) to clear the problem. When the CSS' were powered back up, the SSL service was suspended, why this would occur? There rest of the config appeared normal. I am the only person on these boxes, the configs were written, and I have never had a reason to suspend the ssl service.
View 1 Replies
View Related
Oct 14, 2012
I know that CSRs cannot be generated with multiple names, but if the SAN is added after the cert is ordered from Geo Trust, Veri sign, etc. can the CSS support using the cert?
View 1 Replies
View Related
Jun 2, 2012
We now have a new requirement . We are replacing existing pair of CSS with ACE 4710 appliances. The problem here is that I can see from the configuration that some SSL certificate installed in CSS .Is it possible to transfer the existing SSL certificate from the 11503 to the ACE? Or, do we need to generate a new key pair and CSR on the ACE? Is there any document available to know the steps for the same.
View 2 Replies
View Related
May 21, 2012
We have several pairs of CSS11501 and 11503 in our network.This issue affects only one pair of CSS11503 in one of our data centres. [code] We use vrrp in one-armed mode for load balancing and they units have performed great for a number of years. We're obviously going to be migrating to ACE ... but not just yet.We have started to experience a problem with replicating the configurations between two CSS11503 in a pair.When running the commit-VipRedundConfig, it starts off happily enough, though slowly.Ending with "working" and the spinning cursor, even after 1 hour the script hasn't completed.We noted on the backup CSS that the APP configuration disappears during the process and I can't remember if this is normal behaviour.
Re-adding the app session configuration seems to interrupt the process, and when checking the configuration on the backup CSS approximately half of it is missing. Everything after the first owner is gone.
1. Configuration is too large, or just large enough to make the commit script take too long for realistic service.
2. Software bug?
3. Combination of both.
4. From now on manually add config to both CSS's and maintain it by process management.
View 5 Replies
View Related
Sep 17, 2012
I only have configured load balancing on apache with a very simple setup. I have to deploy 2 applications on my clients environment that run inside jboss. One of these applications needs session to be sticky to work properly. The other does not.
In apache I can configure is the sticky parameter is true or false, based on the url, like /appA/* is sticky and /appB/* is not sticky. Can I do that in a CSS 11503? My client insists that it is impossible. That the CSS is only ip based.
I copied the configuration below from the manual: owner arrowpoint # content ruleWapSticky
View 14 Replies
View Related
Mar 20, 2012
Am trying to verify performance figures for ACE 4710 as EOL replacement for a CSS 11503 Am sure that the ACE 4710 smokes the CSS but have to complete the due diligence
Pulling figures from data sheets, release notes etc.. I have only come up with the followingIs there any further figures available for the ACE 4710 to fill in the blanks in table?
View 1 Replies
View Related
Sep 11, 2011
what is the "passdetect" command equivalent in CSS 11503 load balancer. software version 8.20.
View 3 Replies
View Related
Oct 4, 2011
I currently have a content group as follows;
content My_Group
add service blade1
add service blade2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie
[code]...
So I have 3 blades which are proxy servers and user go first to an MS ISA server then the VIP of the CSS and then the rules processes them give them a blade and chuck them out onto the Internet.
I want to leave the above rule, but remove one blade create an additional content group with that blade and have it process requests for a particular site so, I would create the following
content My_Group2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie
[code]...
So my question is can I do that having the same VIP's etc so if a request comes in and it matches www.thewebsite.com that the second content rule matches it 'better' and therefore processes it or would it still be caught by the "/*" content group. I don't want to create more VIPS as I have a real ache getting firewall rules done.
View 9 Replies
View Related
Jun 26, 2011
I'm not sure if my terminology is correct when using hairpinning but i was wondering if there is any special config needed when you try to access a content rule VIP from a server that's configured as a member of a source group on the same CSS?
So say i have a content rule with a VIP 20.20.20.20 and i also have two servers 192.168.1.1 and 192.168.1.2 that are part of a source group with VIP of 20.20.20.21. My problem at the moment is if from the servers 192.168.1.x i try to ping the other VIP 20.20.20.20 that's configured on the same CSS then it doesn't work and ping fails. The same happens with HTTP traffic to the 20.20.20.20 VIP.
I would have thought that the NAT of the source group would happen before the routing so the 192.168.1.x IP's would be natted to 20.20.20.21 and then passed over for routing where the CSS would see that the VIP 20.20.20.20 is local and it would send it on it's way.
I thought it might be ACL related but i increased the verbosity of acl logging and couldn't see anything in the logs.The source group works fine on it's own and from the CSS itself i can ping the 20.20.20.20 VIP fine. It just seems that from the source group members i can't ping the VIP.
View 1 Replies
View Related
Sep 26, 2011
what is the OID for See the hit status of the spefic VIP and RIP coming under the VIP .apeart from this CSS box having any module to moniter the hit status or VIP's and RIP's
View 2 Replies
View Related
Jun 27, 2011
I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host.The VPN IP pool works finem,The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it.The default route on the PIX points out; no other routes are defined,The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.
View 2 Replies
View Related
May 7, 2012
ASA 5510
Ver 8.2(5)
I have been looking all over the place for the answer of how to allow clients on an IPSEC VPN to ping from host to host.
View 4 Replies
View Related
Nov 29, 2011
I recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working.To start, I created a test service:
lb-1# show run service sunbird-http-7025-test
!************************** SERVICE **************************
service sunbird-http-7025-test
port 7025
ip address 141.211.229.168
[code].....
View 2 Replies
View Related
Jan 20, 2012
I have a CSS 11503 with a basic content rule for TCP 10000 going to a few backend servers. I was looking into the default timeout values for flows and when testing using telnet the flow didn't terminate as expected?
For example, i have no 'timeout multiplier' specified in the config and when i look at the output of 'show flow-timeout default' it tells me the default 16 seconds timeout is in effect for *. With that in mind, i telnet to the content rule vip on TCP 10000 and on the backend server using wireshark i can see the TCP threeway handshake. With no data passing i'd expect the CSS to terminate this flow after 16 seconds.. yet it takes exactly 128 seconds before wireshark shows the RST and the flow is terminated. 128 being 8 times the default 16 second flow timeout.
If i try to force the connection to close early by specifiying 'flow-timeout-multiplier 2' in the content rule, or even a multiplier of 40, it still waits 128 seconds to close the telnet connection.
View 1 Replies
View Related
Feb 10, 2011
I'm just wondering if its possible to ping an IPv4 host using the IPv6 host assuming that the NAT64 has already been implemented?
[code]...
View 2 Replies
View Related
Oct 2, 2011
Is it possible on the CSS11503 to create a layer 5 content rule that matches a url "/*/_edit".
View 3 Replies
View Related
Jun 18, 2011
I have already raised this discussion on "LAN, Switching and Routing" group. But I guess this is the right group for my queries. So I am sending my queries in this group again.
We are using CSS 11503 with one 16FE line card. We have connected 3 servers with redundant link. So FE1-2 in Server1, FE 3-4 in Server2 and FE5-6 in Server3. Our system team has configured APA in their servers as they are using HP-Ux.
1) Do we need to do any configuration at line card.
2) Do we need to do ether-channel at loadbalancer end. if yes, can you share me any cisco doc on how to do it.
View 1 Replies
View Related
Sep 11, 2012
We have a pair of CSS 11503 installed in our DC. Stickiness is configured for one of the application since long back and was working pretty fine till last couple of months. Since last two months, we observed that CSS is not distributing sessions the way it suppose to be. Mostly, it forwards the session to same server even though request is coming from different sources. Once we refresh the sessions manually, it starts working fine. We have to do this exercise manually every alternate day.
View 1 Replies
View Related
Mar 27, 2013
I have 2 pair of 11501 switches and 1 pair of 11503 switches on 3 sites(LA, China, Taiwan).Each site has a pair of 1105x switch running as redundancy between them and is a standalone which will not interact with others.Recently a series of interfaces(ports) down happened to every active 1150x switches without any reason and log.Especially today, it happened to active switches at 5:39 AM meanwhile on 3 sites.
View 3 Replies
View Related
Oct 30, 2011
I am trying to get a sample command output of "show chassis inventory" for:
CSS 11501
CSS 11503
CSS 11506
View 1 Replies
View Related
Feb 2, 2011
Running a Windows 7 laptop plugged into a LAN using ethernet cable with internet.The built-in wireless nic on the laptop connects to a totally different internet network. I set up an XP Mode Virtual PC on the laptop with the intention that it would use the wireless internet connection.I set this up by installing Microsoft Loopback Adapter, then sharing the wireless nic to it. The Virtual PC is set to use the Microsoft Loopback Adapter as its network connection.My problem is that only the hard wired internet connection works.The wireless is connected and has an ip address, however no traffic flows through it until i either disable the cabled network or physcially unplug the cable. Is it possible to have my host laptop use the cabled internet connection and my virtual pc use the 2nd wireless internet?
View 1 Replies
View Related
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies
View Related
Jan 5, 2013
VIRTUAL MACHINE ~ Can Guest OS become Infected Through Host OS ?If I setup and use a virtual machine running/containing both a Host OS and a guest OS ... do they remain completely separate entities when operating one or the other?My main concern is Virus related ... if for instance I'm Running Windows 7 as the host and XP as the guest and I get the host OS infected, will the guest XP OS also contract it by default because it is operating on the same disk?
View 1 Replies
View Related
Jan 11, 2012
One of the persons involved in a home network has installed a Dlink DIR-825 Rev-B Extreme router on the Comcast cable system to allow a 'better' wireless signal on upper floors of the home. Two others involved in the same home network use a 'secure desktop access' software called NetOp to access the network remotely. To facilitate this software, we must 'port forward' port 6502 on BOTH UDP and TCP to the single system that is accessed.
However, this setup (simple port forwarding) does not seem to work - neither does 'virtual server', for that matter. Prior to this router being installed, it was extremely simple to accomplish this remote access using a Linksys router, so our software firewall configuration has not changed but the new Dlink seems unable to allow remote access.
How (and via which of these access methods - port forwarding or virtual server) would be best? This configuration seems frustratingly difficult to accomplish and I'm about to take the Dlink 'out' of the network and re-install the Linksys with a 'high-gain' external antenna to facilitate simple signal enhancement.
View 3 Replies
View Related
Feb 23, 2011
I've been trying to set-up DMZ for my DSL-2542B-SE_1.00_06112008.
But the problem is when I access my IP from WAN, It connects to Router Control Panel, I have set DMZ IP as 192.168.1.2 which is the my computer where I have the Server set-up.
Now I've disabled DMZ but still I can access to my router from WAN through my IP.
View 2 Replies
View Related
Apr 28, 2012
My host has an IP of 20.168.1.2 from a router DHCP. I have a virtual environment which has a DC and DNS and the IP is: 192.168.1.x how can I get access from my host to the virtual environment? What do I need to setup on the host OS? (Windows)
View 3 Replies
View Related
May 15, 2013
I have a host machine (Laptop, Win 7 Home Premium x64) running Windows 7 Ultimate x64 on VMWare Workstation 9. I've got this system set up for UMDF driver development, because I need a target machine to debug drivers on. However, because I'm developing drivers for Win 7 (x86 and x64), I cannot connect to the virtual machine on via a simple network connection. Connection methods are outlined here.
I have tried a few different pieces of software (mostly Eltima software), and have Google'd every combination of phrases that I can think of. I can't find any information on this anywhere. I don't just need to share data between the machines, I need a more "physical" connection.
Does any know how to do this, or if there's another (preferably more simple) way of doing it?
View 1 Replies
View Related
Feb 16, 2012
I'm trying to design a CSS configuration that allows servers in the same vlan to be the source and destination of load-balanced traffic. My thought is to add two new vlans, one for the VIPs and one for the servers, then NAT the source IPs going from the LB to the servers.
Is this the right way to do it?I've never NATted using CSSs, so I wanted to verify what I'm thinking.Our current config trunks the vlans -
interface 1/1
trunk
vlan 1
default-vlan
vlan 555
[code]....
View 3 Replies
View Related
Jun 8, 2011
I have Vista as my Host OS and using Microsoft Virtual PC, I have Installed 3 machines (XP, Win2003 and Linux)I am connected to Internet via USB data card.My guest OS are not able to see each other(ping each other).
View 14 Replies
View Related
