Cisco Application :: CSS 11500 - Accessing Virtual IP From Server Vlan
Jan 5, 2011
I have a question regarding CSS loadbalancer. Let's say there are 2 vlans in CSS:
1. Vlan 10: 10.1.1.0/24 as external interface, interface where most of the clients are coming from.
2. Vlan 20: 10.1.2.0/24 for real server vlan.
Virtual IP 10.1.1.10 is created in CSS on behalf of two real servers (10.1.2.11 & .12) in Vlan 20. Client from Vlan 10 can http access to 10.1.1.10 successfully.
In Vlan 20 there's also few clients which need to access servers via virtual IP. Vlan 20 Client PC (10.1.2.101) can ping 10.1.1.10, but can't access 10.1.1.10 http service.
Is there any way for CSS to forward service request coming from Server vlan to be send back to the same segment?
View 9 Replies
ADVERTISEMENT
Nov 25, 2012
I'm trying to set up a load balancer within an OVH (hoster) infrastrcture, I've followed their instructions [URL] I'm using a RIPE block (5.135.193.xxx/28) and would like the first 8(5.135.193.xxx/29) to be used as the virtual server.vlan 2676 is the local one, and vlan 1227 is the public one.After all the config steps, none of these IPs are responding to a ping, nor a direct http request.
the full configuration is :
=============================================
ssh maxsessions 1
access-list ANY line 8 extended permit icmp any any
access-list ANY line 16 extended permit ip any any
probe tcp PROBE_TCP
passdetect interval 30
[code]....
View 5 Replies
View Related
Feb 23, 2011
i'm getting "general network error" while accessing application from server..
client machine: Windows 7
server machine: Windows 2008 server
Switch : 24 port unmanaged D-Link switch ..
network cable: CAT-5 cable.
View 1 Replies
View Related
Sep 26, 2011
I can access our CSSS 11500 through telnet and a serial connection. When I try the web interface, I get:
CVDM Startup Error CVDM has not been granted the necessary privileges to startup successfully, or another unknown error occurred during startup. Please close all involved browser windows and try again by granting all requested privileges.
View 2 Replies
View Related
Dec 21, 2011
We have multiple CSS 11500 clusters. We have found that on all of them, if you try to open a session on any port to an IP address on the backend of the CSS, the CSS will complete the SYN-ACK-ACK session with the client. This happens regardless of whether there is something on that IP address or not.
Coming from any IP, if I try to telnet to ANY IP on the 10.2.2.0 subnet (whether or not there is an actual server on that IP) on any port (whether or not that port is open or not), the CSS will complete the initial connection. I have verified this using telnet to numerous ports and viewing the transaction in a packet capture.
Is there any way to shut this off? This is causing some licensing issues for our security folks that use a vulnerability scanner licensed on number of IP addresses.
View 4 Replies
View Related
May 11, 2011
I have two CSS 11500 series.In just a few months i will have ready a DRS (Disaster Recovery Site), where i will have 2 more servers to add to the environment.
View 3 Replies
View Related
Nov 30, 2011
We have a CSS 11503 with the following partial config [code] it is clear that the server at 10.10.10.222 is active. What we cannot understand is why web site is inaccessible thru load balancer using http://10.10.10.1.
View 2 Replies
View Related
Apr 29, 2012
I need to configure a keepalive that check an url in a server (http in port 9500 not in port 80) and check the port 443 in the same server. If any of them not response . the service should go down.
View 1 Replies
View Related
Oct 29, 2012
i don't know why cu need this feature, he want stickiness based on source ip and source port. Does CSS 11500 support stickiness based on source IP and source port?or is there any other method to support stickness based on source ip and sourceport?
View 12 Replies
View Related
Aug 16, 2012
Am I able to use an SSL cert in the proxy list for the same VIP but on a different port?
View 1 Replies
View Related
Apr 24, 2013
I have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access, the first network in Orange works fine. My question is how can i access the file server from the second network (192.168.X.0 /24) ? The 3 switches are Cisco SF300-24P.
View 7 Replies
View Related
Aug 24, 2011
I'm attempting to redirect SSL from the base site to a different page on the same SSL site. I want to redirect https://10.4.16.54/* to[URL] . If I enter[URL], site loads, but if I enter simply https://10.4.16.54, it times out. The ssl_sharepoint service is my ssl_proxy_list.
content Sharepoint_https
flow-timeout-multiplier 10
sticky-inact-timeout 35
vip address 10.4.16.54
application ssl
[code]....
View 5 Replies
View Related
Apr 6, 2013
I have some problem in my small network.I have 2 SF-300 48 port switches and connected to 847 router for intervlan routing. I configure 7 vlan in SW1 and uplink to SW2 with trunkport.
The problem is that if i used default gateway for users ip address of interface (vlan interface) is ok. I bring two adsl modem and connected to vlan1 and vlan2 for internet access. When i connected this two modem vlan 1 and vlan 2 are not going to access other vlan 3,4,5,6,7 and wise versa.
vlan1 users getting default gateway from adsl modem ip, how i can permit this two vlan should to access other vlan 3,4,5,6,7 and 3,4,5,6,7 should access to internet also.
[URL]...
View 4 Replies
View Related
Jun 15, 2012
We have an ANM Virtual Appliance, version 5.2, were we login and can go no further. This was working for fine for approximately two and half weeks. We created a backup and re-loaded the system via CLI with the same result. We logged in again via SSH and we have noted the following:
cscoanmsa/admin# sh disk
temp. space 4% used (141244 of 4951688)
disk: 7% used (353916 of 5935604)
Internal filesystems:
warning - /var is 100% used (89219000 of 89258112)
cscoanmsa/admin# sh application status ANM
[code]....
Is there any way to access and clean out the /var directory from the CLI. is this achieved simply via the "delete" command with the full path ?
View 5 Replies
View Related
Feb 14, 2012
I am completely new to the Cisco ACE devices but have been asked to look at deploying them. I have read the ACE virtual partioning paper which covers the ACE module, and it mentions the following;"In an active/active high-availability design, both the primary and backup Cisco ACE modules are active simultaneously. The active virtual partitions are distributed across both modules, such that approximately half are active on the primary module and the remaining are active on the backup module."does the same resilience model work the same using the Cisco 4710 appliances? I.e. can we split virtual partions across two physical devices thereby having an active/active scenario.
View 4 Replies
View Related
Sep 18, 2011
The upgrade process for ANM virtual appliance 4.2 involves doing a backup and restore as root user. I have looked through the documentation and have even reinstalled the virtual appliance to see if the install script gives away the root password for the OS but without luck.
How to set/find the root password?
View 2 Replies
View Related
Apr 27, 2013
I have a single cisco 11503 load balancer.There is a single Banner student information system which is load balanced on it with Virtual ip 10.3.20.101 which is working fine without any issues .I am now trying to add an Oracle ERP application with virtual IP 10.3.20.230 and physical ips 10.3.19.22 and 10.3.19.23 all on port 8003.When I just make the group ERP-Apps-Grp active , the vitual ip address 10.3.20.230 is pingable , but when I make the the content Erp_IAT active it stops pinging. [code]
View 6 Replies
View Related
Jun 3, 2012
I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module. I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
View 5 Replies
View Related
Jun 11, 2012
I am new to the ACE30. I a basic configuration from the CLI and I am trying to use the device manger. I am able to get to the web informational page rather then accessing the login page. I have rest the password for both the admin and www and still no go. my question is how to go into enabling the GUI access.
View 1 Replies
View Related
Jan 28, 2013
Is there a way to convert TCP options header into an http header using Cisco ACE ? is there an equivalent solution with Cisco as the one proposed by F5 here: url.
View 7 Replies
View Related
Sep 6, 2011
I've got basic connectivty to our ACE30 module and when I try connecting to the management IP address (attached to the Admin context), I see a very basic GUI which only lists the CSM to ACE config conversion tool. I don't see a GUI as detailed in the document: url...How do I get the ACE Applicance Device Manager GUI working so that I can then configure real servers, serverfarms etc rather than via the GUI?Having read through copious amount of documentation I can't seem to find a refrence that would ne useful here. This should be a fairly straight forward exercise - do I need to install some other software to get the full fledged GUI working?
View 2 Replies
View Related
Jan 24, 2013
I’m working with a managed switch that has three V LANs setup on it. Recently the domain changed and the wireless V LAN can no longer access the internal website. I found access rules, in the switch that allowed the wireless V LAN to use the DNS server on the private/staff V LAN. Their DHCP scope is on the switch and DNS is set there. The Website is also on the V LAN with the DNS server. This configuration totally cuts out external DNS usage. It stopped working though. It is as if when things switched on the Domain the wireless users were denied DNS requests. The switch was not touched at that time. I’m looking at it though and it seems that I may have conflicting rules.
The version is 12.2. I believe its a Catalyst 2600~
DHCP scopes: ip dhcp pool INSIDE network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.6 192.168.1.4 domain-name saline.lib.mi.us
ip dhcp pool WIRELESS
network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 192.168.1.6 192.168.1.4
Here is the V LAN Setup:
Interface Vlan1
ip address 192.168.1.1 255.255.255.0
[code]...
Here are two access lists that should be allowing the traffic from 172.16.0.0 into the list IPs/Ports. These do no work.
ip access-list extended WIRELESS-PRINT
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 30044
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 21326
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 6987
[code]...
During my testing I removed the Deny rule and everything worked. deny ip 172.16.0.0 0.0.0.255 192.168.1.0 0.0.0.255
However, the “ permit ip any any “ rule, makes all the port rules pointless because when this rule is in place solo, I can ping and access everything on the 192.168.1.0 network. Is there a way to deny everything, except what I permit? Because when I remove the ip any any, then they cant even get out. Perhaps there a better way to say, the wireless users can get out but only get into the sub net over specific ports? I have a feeling it may have not be thought out entirely when initially created. However, the big mystery is that it worked before secondary domain controller failed.
View 1 Replies
View Related
May 22, 2012
I have a LAN with 6 vlans and a 2821 router. By default, intervlan routing is enabled for all vlans, however, I want specific vlans to be denied access to others, though all should still be able to use the Internet being served from GE/0.
View 6 Replies
View Related
Jun 6, 2011
What is the best virtual software to run on the server
View 1 Replies
View Related
Aug 10, 2012
Sometime in the past month my virtual server has been serving slow speeds to a majority of places when I used to get 500KB/s + speeds down and 250KB/s speeds up regularly. My home network is Verizon Fios 15/5 and speedtest.net reports exactly those speeds at any test server I choose.
I've been going back and forth with my virtual server host (1and1) about my virtual server download and upload speeds. I've done a lot of testing to see if there is packet loss with WinMRT and also traceroutes from a couple locations.1and1 has done testing and verified it's NOT their network causing the slow downs as their download tests have returned fast speeds. I've tested at about 8 locations to download this file ( [URL] I can assure you that link is safe, it's just a zip of the .Net 4 redist pacakge) and 6 out of the 7 get speeds ranging from 10kb/s-50kb/s, only 1 out of the 7 gets 400kb/s+ download speeds and that is located in Chicago, 4 are from Los Angeles area and 2 from Denver area and one from Orlando area.
Is it possible to get some users (Preferably West Coast USA) here to download and report the speed it downloads, location they are at, and the internet provider and package they have? If I cannot find the cause of this, I may have to move to a different virtual server provider which takes a lot of configuration for my server because of the nature of it
View 1 Replies
View Related
Sep 29, 2011
I'm having trouble connecting my client/server in my virtual PC. they just aren't seeing each other when it comes to connecting them to continue my server class.
server 2003 windows xp running on virtual PC I'm running windows 7 on my computer
View 4 Replies
View Related
Oct 12, 2011
We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin Context IP: 172.16.0.10
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.
View 2 Replies
View Related
Apr 25, 2012
I have an DLINK-dir 815 router.. I have tried for 10 hours to get broadcast IP to work, no luck.. All html/javascript modifications = no luck..The WOL works on LAN, but not over internet, so I figure it's the broadcast IP that needs to be virtual servered?
View 9 Replies
View Related
Mar 20, 2011
I wonder what the difference is between the virtual server and the port forwarding because the router I was using previously had only port forwarding. When should I use virtual server instead of port forwarding?
View 1 Replies
View Related
Nov 29, 2012
I have DIR-601 wireless router with two computers connected: Server (192.168.1.2) and Client (192.168.1.3 on Ethernet Port and 192.168.1.4 on Wireless)
I also use dlinkddns.com and my router's public IP is mapped as abc.dlinkddns.com.
In the router Virtual Server section, it is configured as:
Public Port: 3389 (for Remote Desktop)
Private Port: 3389
IP Address: 192.168.1.2 (server's IP)
I am expecting this to allow the client to access the server via windows Remote Desktop.
The current situation is:
- When wireless is on, the client can access the server's Remote Desktop
- When wireless is off and client is connected by wired Ethernet, the client cannot connect to the server's remote desktop. After timeout, the error msg is "Remote Desktop can't connect to the remote computer for one of these reasons: ...".
- When the client is in another network, it can connect to the server through the Internet.
I am sure it's not the client's problem because it can access via wireless or remotely from another network. It's not the router's virtual server config problem for the same reasons. Will it be a bug in the router? (hardware version: B1, firmware version: 2.00NA).
View 1 Replies
View Related
Jul 23, 2012
I put multiple rservers in multiple server farms?
So for example rserver1 and rserver2 are put in serverfarm production1 and are in use with particular sticky and load balancing settings.
Can I then create serverfarm test_production and put both rserver1 and rserver2 in it? Then play around with the sticky and load balancing settings as a test without affecting the production serverfarm.
View 1 Replies
View Related
Feb 16, 2012
I'm trying to design a CSS configuration that allows servers in the same vlan to be the source and destination of load-balanced traffic. My thought is to add two new vlans, one for the VIPs and one for the servers, then NAT the source IPs going from the LB to the servers.
Is this the right way to do it?I've never NATted using CSSs, so I wanted to verify what I'm thinking.Our current config trunks the vlans -
interface 1/1
trunk
vlan 1
default-vlan
vlan 555
[code]....
View 3 Replies
View Related
Aug 6, 2011
I get stuck in a problem,What can be the reason for not working my configuration or any other reason that can be .
[CODE].....
View 4 Replies
View Related
