RE: Css 15101

From: Reisner, Tim (TR126568@ncr.com)
Date: Fri Sep 10 2004 - 11:57:51 GMT-3

• Next message: McCallum, Robert: "RE: Multicast verification"
• Previous message: Mustak.Yunus@syntegra.com: "RE: Css 15101"
• Maybe in reply to: Cocimano, Francesco: "Css 15101"
• Next in thread: Nawaz, Ajaz: "RE: Css 15101"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 The port and protocol do not need to be specified - they default to any.

regards,
Tim Reisner
CCIE #10418
CCNP CCDA
NCR Corp.
High Availability Networking Global Support Center
Phone: (763)535-3274
Cell: (763)227-3179
Email: Tim.Reisner@ncr.com

-----Original Message-----
From: Mustak.Yunus@syntegra.com [mailto:Mustak.Yunus@syntegra.com]
Sent: Friday, September 10, 2004 9:37 AM
To: Cocimano, Francesco; ccielab@groupstudy.com
Subject: RE: Css 15101

You need both protocol tcp and port 80 under the content rule and the
services PDPAS003/4.

Mustak

-----Original Message-----
From: dusth@comcast.net [mailto:dusth@comcast.net]
Sent: 10 September 2004 15:24
To: Bhavin Patel; 'Cocimano, Francesco'; ccielab@groupstudy.com
Subject: RE: Css 15101

Francesco,
You need both protocol tcp and port 80 under the content rule.
Dusitn

-------------- Original message --------------

> Hello Francesco,
>
> Just curious as to why you are trying to telnet to the service IP. Are
> you trying to log in to the servers?
>
> Also noticed that you have not assigned any protocol or port to the
"content
> E-learning" and also to services "PDPAS003" and "PDPAS004".
>
> Regards,
> Bhavin
>
>
> -----Original Message-----
> From: Cocimano, Francesco [mailto:FC183400@NCR.COM]
> Sent: Friday, September 10, 2004 6:06 AM
> To: ccielab@groupstudy.com
> Subject: Css 15101
>
>
> Hi,
> our customer has a problem with a CSS 11501. Details, network picture and
> configurations follow:
> If we open a telnet port 80 connection from switch with IP address
> 213.175.28.5 to virtual IP addess of CSS 213.175.28.19, the CSS
> forwards
the
> connection to one of two servers ( for example the 213.175.28.143 )
> but the

> response from the server has as destination IP address 213.175.28.5
> and not

> the virtual IP address of CSS, so it is impossible to get a connection. >
The CSS doesn`t replace the source IP address with the virtual IP address.
> Is it a problem of design not supported to CSS or is a software bug?
> Many thanks
> Francesco
> PINLD001-a# show run
> !Generated on 09/09/2004 10:01:28
> !Active version: sg0720405
>
> configure
>
>
> !*************************** GLOBAL ***************************
> setspan src_port e1 dest_port e2 copyBoth no restrict web-mgmt sntp
> server 213.175.2.7 version 2 sntp poll-interval 90 username ********
> des-password zfyc4bfgtaxdxfqasewe4fcbmeaabcgd superuser > restrict ssh
> no restrict xml idle timeout 1 idle timeout web-mgmt 1
>
> snmp trap-type enterprise
>
> snmp trap-host 10.253.8.13 ++++++++
> snmp community +++++++ read-only
> snmp trap-host 10.253.8.10 ++++++
> snmp trap-type generic
> snmp auth-traps
> snmp location "La rustica"
> snmp trap-type enterprise login-failure snmp trap-type enterprise
> redundancy-transition snmp trap-type enterprise service-transition
> snmp trap-type enterprise reload snmp trap-type enterprise
> chmgr-ps-transition snmp trap-type enterprise chmgr-module-transition
> snmp trap-type enterprise isc-lifetick-failure snmp name "PINLD001-a"
>
> logging buffer 50000
>
> ip route 0.0.0.0 0.0.0.0 10.253.18.249 1
>
> !************************* INTERFACE *************************
> interface e1 phy 100Mbits-FD description "Collegamento al PIX"
>
> interface e2
> phy 100Mbits-FD
> description "Porta Di Monitoring"
>
> interface e3
> phy 100Mbits-FD
> description "Collegamento tra CSS"
>
> interface e4
> admin-shutdown
>
> interface e5
> bridge vlan 2
> description "PDPDC001 eth1"
>
> interface e6
> admin-shutdown
>
> interface e7
> admin-shutdown
>
> interface e8
> admin-shutdown
>
> interface e9
> admin-shutdown
>
> !************************** CIRCUIT ************************** circuit
> VLAN1
>
> ip address 10.253.18.253 255.255.255.248 ip virtual-router 1 priority
> 200 preempt ip redundant-interface 1 10.253.18.252
>
> circuit VLAN2
>
> ip address 213.175.28.2 255.255.255.128 ip virtual-router 2 priority
> 200 preempt ip redundant-interface 2 213.175.28.1
>
> !************************** SERVICE ************************** service
> PDPAS003 keepalive port 80 ip address 213.175.28.143 active
>
> service PDPAS004
> keepalive port 80
> ip address 213.175.28.144
> active
>
> service PDPWB001
> ip address 213.175.28.21
> keepalive type ssl
> active
>
> service PDPWB002
> ip address 213.175.28.22
> keepalive type ssl
> active
>
> !*************************** OWNER *************************** owner
> Protocollo
>
> content E-learning
> add service PDPAS003
> add service PDPAS004
> vip address 213.175.28.19
> balance srcip
> active
>
> content PDPWB000Virtuale
> add service PDPWB002
> add service PDPWB001
> vip address 213.175.28.20
> sticky-inact-timeout 30
> balance srcip
> active
>
> content Prova_SSL
> port 443
> protocol tcp
> add service PDPWB001
> add service PDPWB002
> vip address 213.175.28.20
> advanced-balance ssl
> sticky-inact-timeout 10
> param-bypass enable
>
> PINLD001-a#
> PINLD001-b# show run
> !Generated on 09/09/2004 10:05:24
> !Active version: sg0720405
>
> configure
>
>
> !*************************** GLOBAL ***************************
> setspan src_port e1 dest_port e2 copyBoth no restrict xml no restrict
> web-mgmt restrict ssh sntp server 213.175.2.7 version 2 sntp
> poll-interval 90 username +++++++++ des-password
> zfyc4bfgtaxdxfqasewe4fcbmeaabcgd superuser
>
>
> snmp trap-type enterprise
>
> snmp trap-host 10.253.8.13 ++++++++
> snmp trap-type generic
> snmp auth-traps
> snmp location "La rustica"
> snmp name "PINLD001-b"
> snmp trap-type enterprise login-failure snmp trap-type enterprise
> redundancy-transition snmp trap-type enterprise service-transition
> snmp trap-type enterprise reload snmp trap-type enterprise
> chmgr-ps-transition snmp trap-type enterprise chmgr-module-transition
> snmp trap-type enterprise isc-lifetick-failure snmp trap-host
> 10.253.8.10 ++++++++ snmp community ++++++ read-only
>
> logging buffer 50000
>
> ip route 0.0.0.0 0.0.0.0 10.253.18.249 1
>
> !************************* INTERFACE *************************
> interface e1 description "Porta di coll. PIX-b"
> phy 100Mbits-FD
>
> interface e2
> description "Porta di Monitoring"
> phy 100Mbits-FD
>
> interface e3
> description "Collegamento tra CSS"
> phy 100Mbits-FD
>
> interface e4
> phy 100Mbits-FD
>
> interface e5
> bridge vlan 2
> description "PDPDC001 eth2"
>
> interface e6
> bridge vlan 2
> description "PDPDC002 eth2"
>
> interface e7
> bridge vlan 2
> description "PDPWB001 eth2"
>
> interface e8
> bridge vlan 2
> description "PDPWB002 eth2"
>
> interface e9
> bridge vlan 2
>
> !************************** CIRCUIT ************************** circuit
> VLAN1
>
> ip address 10.253.18.254 255.255.255.248 ip virtual-router 1 ip
> redundant-interface 1 10.253.18.252
>
> circuit VLAN2
>
> ip address 213.175.28.3 255.255.255.128 ip virtual-router 2 ip
> redundant-interface 2 213.175.28.1
>
> !************************** SERVICE ************************** service
> PDPAS003 keepalive port 80 ip address 10.253.18.251 active
>
> service PDPAS004
> keepalive port 80
> ip address 213.175.28.144
> active
>
> service PDPWB001
> ip address 213.175.28.21
> keepalive type ssl
> active
>
> service PDPWB002
> ip address 213.175.28.22
> keepalive type ssl
> active
>
> !*************************** OWNER *************************** owner
> Protocollo
>
> content E-learning
> add service PDPAS003
> add service PDPAS004
> vip address 213.175.28.19
> balance srcip
> active
>
> content PDPWB000Virtuale
> add service PDPWB002
> add service PDPWB001
> vip address 213.175.28.20
> sticky-inact-timeout 30
> balance srcip
> active
>
> content Prova_SSL
> add service PDPWB001
> add service PDPWB002
> protocol tcp
> port 443
> vip address 213.175.28.20
> balance srcip
> advanced-balance ssl
> sticky-inact-timeout 10
> param-bypass enable
>
> [GroupStudy removed an attachment of type application/octet-stream
> which
had
> a name of schema.vsd]
>
> ______________________________________________________________________
> _ > Please help support GroupStudy by purchasing your study materials
> from: > http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ > Please help support GroupStudy by purchasing your study materials
> from: > http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: McCallum, Robert: "RE: Multicast verification"
• Previous message: Mustak.Yunus@syntegra.com: "RE: Css 15101"
• Maybe in reply to: Cocimano, Francesco: "Css 15101"
• Next in thread: Nawaz, Ajaz: "RE: Css 15101"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:41 GMT-3