Balancing From Behind CSS

I have a basic two int configuration CSS with web servers and email behind CSS both of which should be load balanced. So say on the outside there's a VIP smtp and another web. And inside there are servers/services web1 10.10.105, web2 10.10.10.106, mail1 10.10.10.107, mail2 10.10.10.108 and outside content rule
smtp 172.22.1.10 with mail1 and mail2 associated and content rule web 172.22.1.11 with web1 and web2 associated.
Now if mail2 wants to make an http post to web whose vip is on the outside interface - is this possible?

Yes, smtp servers behind the CSS can make request for HTTP servers thru the VIP and viceversa.
You need to consider that since all servers are on the same subnet, the destination server (HTTP server on this case) will not answer thru the CSS but directly to the source server (or HTTP client for this flow) which would cause an asymmetric flow issue.
So you need to have the CSS doing source NATing with the use of a Group and the command "add destination server".
Hope it helps!!
Diego M

Similar Messages

  • Active/passive servers behind CSS

    Hi,
    I have 2 servers behind CSS, instead of doing load lancing , we need to work both servers as active/passive mode, mean if active server down then only second sever will serve.We can not move servers from behind css.
    Please advice if this can be possible.
    Regards,

    you will need to use the "sorry server" feature in CSS to acheive that
    Sample Config
    !********* SERVICE *****************
    service serverA
    ip address x.x.x.1
    active
    service serverB
    ip address x.x.x.2
    active
    !********** OWNER ****************
    owner SYED
    content EXAMPLE
    vip address 1.1.1.1
    port 80
    protocol tcp
    add service serverA
    primarySorryServer ServerB
    active
    HTH
    Syed Iftekhar Ahmed

  • Load balancing PPTP (Windows 2003) behind CSS 11500

    I am wondering if you can load balance PPTP service (TCP port 1723 and GRE) behind CSS 11500, please let me know if anyone as experience with this setup.
    Irfan
    [email protected]

    No. I dont think you can load balance PPTP service behind CSS 11500.

  • NAT and Servers behind CSS 11501

    All,
    Please forgive my asking this question again. I was injured shortly after asking the last time and out of work for a long period of time.
    My problem stems from needing to allow my web servers to initiate traffic to the outside world from behind our CSS boxes.
    The web servers sit behind a pair of CSS 11501 content switches in Active-Passive ASR with fate sharing. We are only interested at this time with load balancing HTTP and HTTPS.
    Everything works inbound no problem.
    What I need to do is setup some type of NAT for my 3 web servers to initiate HTTP/HTTPS for patches, send SMTP from the web apps, and initiate HTTPS for credit card validation.
    I have setup NAT on PIX units and routers no problem, but I seem to be unable to do it on these boxes. :(
    In reality something as simple as a PAT translation on the outside of the CSS boxes should be sufficient.
    Is this possible with our setup? Does anyone have some code examples?
    Thanks in advance.
    Addresses changed to protect the innocent:
    Load Balancer 1:
    !*************************** GLOBAL ***************************
    bridge spanning-tree disabled
    sntp server 1.1.1.41 version 1
    snmp community noway read-only
    snmp community noway read-write
    app session 1.1.1.252
    app
    logging subsystem netman level info-6
    dns primary 2.2.2.41
    dns secondary 2.2.2.42
    ip route 0.0.0.0 0.0.0.0 1.1.1.1 1
    !************************* INTERFACE *************************
    interface e1
    phy 100Mbits-FD
    description "Connect to Primary DMZ 1 3550 Switch"
    interface e2
    bridge vlan 2
    phy 100Mbits-FD
    description "Connected to Primary LB Server Switch"
    interface e8
    description "Inter Switch Communication (ISC) Port"
    isc-port-one
    !************************** CIRCUIT **************************
    circuit VLAN1
    description "DMZ 1 Subnet (1.1.1.x/24)"
    ip address 1.1.1.251 255.255.255.0
    ip virtual-router 1 priority 254 preempt
    ip redundant-interface 1 1.1.1.250
    ip redundant-vip 1 1.1.1.161
    ip redundant-vip 1 1.1.1.162
    ip redundant-vip 1 1.1.1.70
    ip redundant-vip 1 1.1.1.71
    ip redundant-vip 1 1.1.1.72
    ip critical-service 1 upstream_downstream
    circuit VLAN2
    description "Load Balanced Servers Subnet"
    ip address 2.2.2.2 255.255.255.0
    ip virtual-router 2 priority 254 preempt
    ip redundant-interface 2 2.2.2.1
    ip critical-service 2 upstream_downstream
    Various Services, Owners and Content
    Load Balancer 2:
    !*************************** GLOBAL ***************************
    bridge spanning-tree disabled
    sntp server 1.1.1.41 version 1
    snmp community noway read-only
    snmp community noway read-write
    app session 1.1.1.251
    app
    logging subsystem netman level info-6
    dns primary 2.2.2.41
    dns secondary 2.2.2.42
    ip route 0.0.0.0 0.0.0.0 1.1.1.1 1
    !************************* INTERFACE *************************
    interface e1
    phy 100Mbits-FD
    description "Connect to Secondary DMZ 1 3550 Switch"
    interface e2
    bridge vlan 2
    phy 100Mbits-FD
    description "Connected to Secondary LB Server Switch"
    interface e8
    description "Inter Switch Communication (ISC) Port"
    isc-port-one
    !************************** CIRCUIT **************************
    circuit VLAN1
    description "DMZ 1 Subnet (1.1.1.x/24)"
    ip address 1.1.1.252 255.255.255.0
    ip virtual-router 1
    ip redundant-interface 1 1.1.1.250
    ip redundant-vip 1 1.1.1.161
    ip redundant-vip 1 1.1.1.162
    ip redundant-vip 1 1.1.1.70
    ip redundant-vip 1 1.1.1.71
    ip redundant-vip 1 1.1.1.72
    ip critical-service 1 upstream_downstream
    circuit VLAN2
    description "Load Balanced Servers Subnet"
    ip address 2.2.2.3 255.255.255.0
    ip virtual-router 2
    ip redundant-interface 2 2.2.2.1
    ip critical-service 2 upstream_downstream
    Various Services, Owners and Content.

    Gilles,
    I added the following commands, and things seem to be working.
    To circuit VLAN1
    ip redundant-vip 1 1.1.1.80
    !*************************** GROUP ***************************
    group natout
    vip address 1.1.1.80
    add service nat_web_servers
    active
    service nat_web_servers
    ip address 192.168.1.10 range 3
    active
    I do have a question about the above service commands.
    I have 3 servers behind the CSS. Let's call them 192.168.1.10, 192.168.1.11 and 192.168.1.12. Am I correct in my thinking that adding range 3 then allows a match on all 3 of those servers and the CSS will then PAT these servers from the VIP address assigned to the group?
    Otherwise, I think you have resolved this problem for us. Thank you.

  • How to reach real servers direcly behind CSS?

    Hi,
    I have a webserver in DMZ behind Application firewall and CSS.Now I need to reach real server behind CSS directly. Basicaly this is required for developers and also real server to comminicate to APP and DB servers within our network.
    Kinsly suggest.
    Regards
    KP

    KP,
    This all depends on how you have this setup.  As long as the real servers have routeable
    addresses you should be able to directly access the reals.  The most common reason
    for this failing is simply due to routing (i.e. using private ip addresses).
    If the reals are using private addresses then you could also create content rules
    with public virtual ip addresses and perform a one-to-one load balancing setup
    to be able to directly access the servers.
    -Chip
    If this answers your question please mark this as Answered.

  • HT2589 can i transfer a credit balance from one itunes account to another

    hi
    helped my grandson set up his ipod but had trouble setting up his account so used mine so at the moment is using mine so his credit is on my account but i have got to open an account for him am i able to transfer the balance to a new itune account and not loose what he has downloaded on his ipod ?

    It's not currently possible to transfer an account's balance from one account to another account, nor to use it to gift items to another account. Also any content that was bought/downloaded via your account will remain tied to your account, so your account will need to be authorised on the computer that he will be syncing to, and only your account will be able to re-download that content and/or download updates to those apps.

  • HT2736 How can I transfer a gift balance from one apple id to another?

    I have changed iphones and created a new apple ID.  How can I transfer a gift card balance from one apple ID to another.  I tried using Itune Gift but it requires the use of a credit card not a gift card.  Any ideas?

    You can't currently transfer an account's balance from one account to another, nor can you use it to gift content. You shoudl be able to use your old account on your new phone, it's generally best just to have the one iTunes account

  • HT5035 Can I transfer a gift card balance from one itunes account to another?

    Can I transfer a gift card balance from one itunes account to another?

    iTunes Store Terms of Sale:
    "Gift Certificates, iTunes Cards, Content Codes, and Allowances, in addition to unused balances, are not redeemable for cash and cannot be returned for a cash refund (except as required by law); exchanged; resold; used to purchase Gifts, Gift Certificates, or iTunes Cards; used to provide Allowances; used for purchases on the Apple Online Store; or used in Apple Retail Stores. Unused balances are not transferable."
    http://www.apple.com/legal/itunes/ww

  • Transfer balance from one GL account to another, then restict posting

    Hi Gurus,
    We have an GL account (650045) showing balances ($ 4656)  and client wants to this balance to another GL account ( 650198) and close then 650045 and see that no postings are allowed in 650045.
    Can you please let me know how to do this transfer and then i need to close and resist postings to 650045.
    Thanks for your help, i will assign good points.
    Thanks
    Prashanth

    Dear Prashanth,
    You can use a transaction F-02 to transfer the balance. Follow the steps below:
    open a new GL account where th bal has to be transfered.
    take out the exact balance from old GL to be transfered
    Considering that u have a debit bal in old GL & have to transfer the same, the the entry u will pass thru F-02:
    'New GL' A/C   - Dr  - xxxx (posting key - 40)
       To 'Old GL' A/c          - xxxx (posting key - 50)
    This will pass on ur bal from one GL to another.
    Once done go to FS00, open the old GL. On the top right hand u have a symbol of 'lock'. click on to that. A screen will open with details as ... block for posting, block for creation, block for planning ...
    tick the option of block for posting in both chart of accounts & for company code.
    Hope this will solve ur pob.
    Regards,
    Ajay

  • HT2736 Can I transfer a balance from one iTunes account to another

    I mistakenly loaded a gift card into the wrong account. Can I move a balance from one account to another?

    Click here and request assistance.
    (79083)

  • How can i remove an unwanted store balance from my account

    how can i remove an unwanted store balance from my account

    If you can't spend it then you can try contacting iTunes support and ask if they can remove the balance from ir for you : http://www.apple.com/support/itunes/contact/- click on Contact iTunes Store Support on the right-hand side of the page.

  • I have $8.05 balance on my gift card. I tried to buy an app more expensive than that so i had to add my credit card to the apple account. But I couldn't use the balance from the gift card anymore. How can I select to use it? or did I lose it?

    I  have $8.05 balance on my gift card. I tried to buy an app more expensive than that so i had to add my credit card to the apple account. But I couldn't use the balance from the gift card anymore. How can I select to use it? or did I lose it?

    The Apple Support Communities are an international user to user technical support forum. As a man from Mexico, Spanish is my native tongue. I do not speak English very well, however, I do write in English with the aid of the Mac OS X spelling and grammar checks. I also live in a culture perhaps very very different from your own. When offering advice in the ASC, my comments are not meant to be anything more than helpful and certainly not to be taken as insults.
    The MAS should use any credits first and then apply the remainder to a listed bank card.

  • Problem accessing https Web service from behind proxy

    Hi all,
    I have this constant timeout issue which occurs whenever I try to access the Web service from behind a proxy.
    Find below the error logs -
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: java.net.ConnectException: Connection timed out: connect
    faultActor:
    faultNode:
    faultDetail:
    {http://xml.apache.org/axis/}stackTrace:java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
    at java.net.Socket.connect(Socket.java:452)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.axis.components.net.DefaultSocketFactory.create(DefaultSocketFactory.java:136)
    at org.apache.axis.components.net.DefaultSocketFactory.create(DefaultSocketFactory.java:100)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:129)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:389)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:87)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:144)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2688)
    at org.apache.axis.client.Call.invoke(Call.java:2671)
    at org.apache.axis.client.Call.invoke(Call.java:2357)
    at org.apache.axis.client.Call.invoke(Call.java:2280)
    at org.apache.axis.client.Call.invoke(Call.java:1741)
    I am using Tomcat 5.0.19 . Could anyone suggest a possible solution to the same?
    The system works fine when I use a http endpoint.

    Hi,
    By default, your application tries to connect to the Net directly : if you have to specify a proxy, use either these lines in your code :
    System.setProperty("http.proxySet", "true");
    System.setProperty("http.proxyHost", "proxy");
    System.setProperty("http.proxyPort", "8080");
    Or specify them in the command line with the "-D"option.
    Ex : java .... -Dhttp.proxySet=true .... MyApp
    Hope it helps.
    See ya

  • Itunes won't recognize my balance from a purchased gift card so I cannot buy any new songs

    itunes won't recognize my balance from a gift card & won't let me purchase anything from the itunes store. How do I fix this?

    I have a similar issue.  CD's I purchased were downloaded to ITunes years ago and used on my 1G and 2G Ipods and 3gs Iphone.  They are still on my ITunes but won't sync to my I phone 5.  curious if this is a licensing issue or flaw in the system.  Would love to hear my old CD purchased music without having to buy new digital music. Any insight to this situation would be great.

  • How can I bend an object to come from behind a page?

    I am trying to take the branch below and give it a "wrap around" effect so it looks like it is coming from behind the background.
    Very much like this:
    Are there any tools I could use to take the existing image and give it that appearance or would I have to manually draw in the effect?

    Take the blue background and put it on its own layer, so the branch is a seperate layer from the background. Now you can scale the background or apply a mask to it.
    For the branch just apply a drop shadow style to that layer, play with the opacity, position and the highlight/shadow values.

Maybe you are looking for

  • Can't open keyboard/preferences in lion

    HI, I've downloaded lion over the week-end. Installation went ok but I am getting a few strange behaviors: 1- When selecting "shut down" from my account nothing happens. I have to first log out and then log out!! 2- When trying to access system prefe

  • C7250 All in one Wireless radio not working

    I have a C7250 All in one printer that suddenly the wireless stopped working.  I ran the wireless test and it says the radio is on but the radio fails. The wireless LED is on, any suggestion on what could be the problem?

  • How do I make kde4.8 use a socks5 proxy?

    Hi all, I'm trying to channel all my traffic through tor but KDE doesn't seem to recognize my proxy settings. To set up the proxy, I went to System Settings -> Network Settings -> Proxy -> Use manually specified proxy configuration and set the value

  • How to trigger Process after Event

    Hi, I am trying to trigger a PC after an Event. This event is another PC variant. I know this will be Event= RSPROCESS but, How to get the value for Parameter. Thanks in Advance

  • SCCM 2007 - Uninstall user rights installed program

    We are facing some issue when we want to uninstall Programs in Windows 7 which have been installed with the logged on user's rights. We are using SCCM 2007 and have packages installing "Only when a user is logged on" and "Run with user rights". We di