From: Mustak.Yunus@syntegra.com
Date: Fri Sep 10 2004 - 11:36:47 GMT-3
You need both protocol tcp and port 80 under the content rule and the
services PDPAS003/4.
Mustak
-----Original Message-----
From: dusth@comcast.net [mailto:dusth@comcast.net]
Sent: 10 September 2004 15:24
To: Bhavin Patel; 'Cocimano, Francesco'; ccielab@groupstudy.com
Subject: RE: Css 15101
Francesco,
You need both protocol tcp and port 80 under the content rule.
Dusitn
-------------- Original message --------------
> Hello Francesco,
>
> Just curious as to why you are trying to telnet to the service IP. Are you
> trying to log in to the servers?
>
> Also noticed that you have not assigned any protocol or port to the
"content
> E-learning" and also to services "PDPAS003" and "PDPAS004".
>
> Regards,
> Bhavin
>
>
> -----Original Message-----
> From: Cocimano, Francesco [mailto:FC183400@NCR.COM]
> Sent: Friday, September 10, 2004 6:06 AM
> To: ccielab@groupstudy.com
> Subject: Css 15101
>
>
> Hi,
> our customer has a problem with a CSS 11501. Details, network picture and > configurations follow:
> If we open a telnet port 80 connection from switch with IP address
> 213.175.28.5 to virtual IP addess of CSS 213.175.28.19, the CSS forwards
the
> connection to one of two servers ( for example the 213.175.28.143 ) but the
> response from the server has as destination IP address 213.175.28.5 and not
> the virtual IP address of CSS, so it is impossible to get a connection. > The CSS doesn`t replace the source IP address with the virtual IP address.
> Is it a problem of design not supported to CSS or is a software bug?
> Many thanks
> Francesco
> PINLD001-a# show run
> !Generated on 09/09/2004 10:01:28
> !Active version: sg0720405
>
> configure
>
>
> !*************************** GLOBAL ***************************
> setspan src_port e1 dest_port e2 copyBoth
> no restrict web-mgmt
> sntp server 213.175.2.7 version 2
> sntp poll-interval 90
> username ******** des-password zfyc4bfgtaxdxfqasewe4fcbmeaabcgd superuser > restrict ssh
> no restrict xml
> idle timeout 1
> idle timeout web-mgmt 1
>
> snmp trap-type enterprise
>
> snmp trap-host 10.253.8.13 ++++++++
> snmp community +++++++ read-only
> snmp trap-host 10.253.8.10 ++++++
> snmp trap-type generic
> snmp auth-traps
> snmp location "La rustica"
> snmp trap-type enterprise login-failure
> snmp trap-type enterprise redundancy-transition
> snmp trap-type enterprise service-transition
> snmp trap-type enterprise reload
> snmp trap-type enterprise chmgr-ps-transition
> snmp trap-type enterprise chmgr-module-transition
> snmp trap-type enterprise isc-lifetick-failure
> snmp name "PINLD001-a"
>
> logging buffer 50000
>
> ip route 0.0.0.0 0.0.0.0 10.253.18.249 1
>
> !************************* INTERFACE *************************
> interface e1
> phy 100Mbits-FD
> description "Collegamento al PIX"
>
> interface e2
> phy 100Mbits-FD
> description "Porta Di Monitoring"
>
> interface e3
> phy 100Mbits-FD
> description "Collegamento tra CSS"
>
> interface e4
> admin-shutdown
>
> interface e5
> bridge vlan 2
> description "PDPDC001 eth1"
>
> interface e6
> admin-shutdown
>
> interface e7
> admin-shutdown
>
> interface e8
> admin-shutdown
>
> interface e9
> admin-shutdown
>
> !************************** CIRCUIT **************************
> circuit VLAN1
>
> ip address 10.253.18.253 255.255.255.248
> ip virtual-router 1 priority 200 preempt
> ip redundant-interface 1 10.253.18.252
>
> circuit VLAN2
>
> ip address 213.175.28.2 255.255.255.128
> ip virtual-router 2 priority 200 preempt
> ip redundant-interface 2 213.175.28.1
>
> !************************** SERVICE **************************
> service PDPAS003
> keepalive port 80
> ip address 213.175.28.143
> active
>
> service PDPAS004
> keepalive port 80
> ip address 213.175.28.144
> active
>
> service PDPWB001
> ip address 213.175.28.21
> keepalive type ssl
> active
>
> service PDPWB002
> ip address 213.175.28.22
> keepalive type ssl
> active
>
> !*************************** OWNER ***************************
> owner Protocollo
>
> content E-learning
> add service PDPAS003
> add service PDPAS004
> vip address 213.175.28.19
> balance srcip
> active
>
> content PDPWB000Virtuale
> add service PDPWB002
> add service PDPWB001
> vip address 213.175.28.20
> sticky-inact-timeout 30
> balance srcip
> active
>
> content Prova_SSL
> port 443
> protocol tcp
> add service PDPWB001
> add service PDPWB002
> vip address 213.175.28.20
> advanced-balance ssl
> sticky-inact-timeout 10
> param-bypass enable
>
> PINLD001-a#
> PINLD001-b# show run
> !Generated on 09/09/2004 10:05:24
> !Active version: sg0720405
>
> configure
>
>
> !*************************** GLOBAL ***************************
> setspan src_port e1 dest_port e2 copyBoth
> no restrict xml
> no restrict web-mgmt
> restrict ssh
> sntp server 213.175.2.7 version 2
> sntp poll-interval 90
> username +++++++++ des-password zfyc4bfgtaxdxfqasewe4fcbmeaabcgd superuser
>
>
> snmp trap-type enterprise
>
> snmp trap-host 10.253.8.13 ++++++++
> snmp trap-type generic
> snmp auth-traps
> snmp location "La rustica"
> snmp name "PINLD001-b"
> snmp trap-type enterprise login-failure
> snmp trap-type enterprise redundancy-transition
> snmp trap-type enterprise service-transition
> snmp trap-type enterprise reload
> snmp trap-type enterprise chmgr-ps-transition
> snmp trap-type enterprise chmgr-module-transition
> snmp trap-type enterprise isc-lifetick-failure
> snmp trap-host 10.253.8.10 ++++++++
> snmp community ++++++ read-only
>
> logging buffer 50000
>
> ip route 0.0.0.0 0.0.0.0 10.253.18.249 1
>
> !************************* INTERFACE *************************
> interface e1
> description "Porta di coll. PIX-b"
> phy 100Mbits-FD
>
> interface e2
> description "Porta di Monitoring"
> phy 100Mbits-FD
>
> interface e3
> description "Collegamento tra CSS"
> phy 100Mbits-FD
>
> interface e4
> phy 100Mbits-FD
>
> interface e5
> bridge vlan 2
> description "PDPDC001 eth2"
>
> interface e6
> bridge vlan 2
> description "PDPDC002 eth2"
>
> interface e7
> bridge vlan 2
> description "PDPWB001 eth2"
>
> interface e8
> bridge vlan 2
> description "PDPWB002 eth2"
>
> interface e9
> bridge vlan 2
>
> !************************** CIRCUIT **************************
> circuit VLAN1
>
> ip address 10.253.18.254 255.255.255.248
> ip virtual-router 1
> ip redundant-interface 1 10.253.18.252
>
> circuit VLAN2
>
> ip address 213.175.28.3 255.255.255.128
> ip virtual-router 2
> ip redundant-interface 2 213.175.28.1
>
> !************************** SERVICE **************************
> service PDPAS003
> keepalive port 80
> ip address 10.253.18.251
> active
>
> service PDPAS004
> keepalive port 80
> ip address 213.175.28.144
> active
>
> service PDPWB001
> ip address 213.175.28.21
> keepalive type ssl
> active
>
> service PDPWB002
> ip address 213.175.28.22
> keepalive type ssl
> active
>
> !*************************** OWNER ***************************
> owner Protocollo
>
> content E-learning
> add service PDPAS003
> add service PDPAS004
> vip address 213.175.28.19
> balance srcip
> active
>
> content PDPWB000Virtuale
> add service PDPWB002
> add service PDPWB001
> vip address 213.175.28.20
> sticky-inact-timeout 30
> balance srcip
> active
>
> content Prova_SSL
> add service PDPWB001
> add service PDPWB002
> protocol tcp
> port 443
> vip address 213.175.28.20
> balance srcip
> advanced-balance ssl
> sticky-inact-timeout 10
> param-bypass enable
>
> [GroupStudy removed an attachment of type application/octet-stream which
had
> a name of schema.vsd]
>
> _______________________________________________________________________ > Please help support GroupStudy by purchasing your study materials from: > http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________ > Please help support GroupStudy by purchasing your study materials from: > http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:41 GMT-3