Can members in a pool be on different subnets using CSM

Hello. We have recently been investigating load balancing devices, and were almost set on F5. We then overhauled our core network, including replacing one 4507R with 2 6500's, outfitted with Sup720's and FWSM modules.
Now, we are seriously thinking about investing in the CSM or ACE module instead of the F5. I was wondering if the servers in my virtual pool can be on different subnets?
For example, the user is looking for a web server with an IP of 192.168.110.1. This virtual ip is setup on the CSM module, and contains three physical servers, 192.168.110.10, 192.168.110.20, and 10.10.10.1 (server in a different data center, only to be used if the two primary servers go down). Will this work, or do all members in the pool need to be on the same subnet?
Thanks.

I would recommend the following test results published by veritest
http://www.lionbridge.com/NR/rdonlyres/5518CDEC-0D57-446E-8E3D-2AE73DCB7EEF/0/csm_comparison.pdf
Gilles.

Similar Messages

  • Can I play separate music content to different speakers using Airplay via the Airport Express?

    Can I play separate music content to different speakers using Airplay via Airport Express?

    If you mean can you simultaneously stream different audio sources to multiple speakers the answer is no. You can only stream a single source to one or more speakers.

  • Ironport not allowing different subnet using cisco dhcp

    Recently i configured new vlan on remote site and directed it to backup  link, but strange thing is our wireless clients proxy is working and lan  connected pcs proxy is not working,
    Ironport is working on default vlan, microsoft dhcp server but i created  different vlan and configured dhcp on cisco but it is not allowing  access that subnet. using wccp redirect on the interface.
    we configured NTLM authentication connecting to AD, the problem is the  clients which are different vlan is not in AD, and AD pc in different  vlan is working only non AD denied actually we configured guest on  authenticaion, and also that subnet is placing remote site and our main  site's unknown pcs are accessing throught guest no problem, 2nd thing is  main vlan uses MS server 2003 dhcp pool and working non AD users, im  using switch own dhcp pool for vlan 200, is it conflict? and when i put  ironport ip on IE's proxy setting it is working
    How to fix it?

    Network Side:   
                           ---->Cisco 2800-1 (Gre Configured) --> Sat Link-->Cisco 2800-2(Gre Configured)--->
    End Users->1-L3->                                                                                                  ---->L3-2(WCCP)---Ironport
                           ---->Cisco 2800-3 (MPLS Configured ) --> Sat Link-->Cisco 2800-4(MPLS Configured)--->
    Our network is like this, so through MPLS everything is working fine. The problem is on backup.
    End users --> VLAN 1, VLAN 200  and VLAN 1 is default and our AD users, AD users working okay but looks like depending on some operating system Win XP, Win 7 some of them not working, and for VLAN 200 is all unknown pc.
    1-L3 doing only routing role.
    Cisco 2800-1 and 2800-2 both also configured routing and Gre tunnel.
    Cisco 2800-1 Configs
    crypto isakmp policy 2
    encr 3des
    authentication pre-share
    crypto isakmp key *** address 10.1.9.254
    crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec profile VPN
    set transform-set 3DES-SHA
    interface Loopback0
    ip address 1.2.2.1 255.255.255.252
    interface Tunnel0
    bandwidth 1024
    ip address 10.1.9.250 255.255.255.252
    ip mtu 1300
    tunnel source 10.2.9.254
    tunnel mode ipsec ipv4
    tunnel destination 10.1.9.254
    tunnel protection ipsec profile VPN
    service-policy output QoSTunnel
    interface GigabitEthernet0/0
    description Connected to Satellite Modem
    bandwidth 1024
    ip address 10.2.9.254 255.255.255.252
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description Connected to L3-Switch
    ip address 10.2.5.253 255.255.255.240
    ip nbar protocol-discovery
    duplex auto
    speed auto
    service-policy input block-p2p
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 Tunnel0
    ip route 1.2.1.1 255.255.255.255 Tunnel0
    ip route 10.1.0.0 255.255.224.0 Tunnel0
    ip route 10.1.5.240 255.255.255.240 Tunnel0
    ip route 10.1.5.254 255.255.255.255 10.1.5.253
    on the WCCP configuration L3-2
    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   192.168.0.1
            Protocol Version:                    2.0
        Service Identifier: web-cache
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets s/w Redirected:        4
              Process:                           2
              CEF:                               2
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            2970
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0
    sh ip wccp int
    WCCP interface configuration:
        Vlan6
            Output services: 0
            Input services:  1
            Mcast services:  0
            Exclude In:      FALSE
        Vlan7
            Output services: 0
            Input services:  1
            Mcast services:  0
            Exclude In:      FALSE
        Vlan8
            Output services: 0
            Input services:  1
            Mcast services:  1
            Exclude In:      FALSE
    interface Vlan6
    ip address 10.1.0.254 255.255.224.0
    no ip redirects
    ip wccp web-cache redirect in
    ip access-list standard wccp_grp_list
    permit 10.1.7.253 ## Ironport IP ##
    ip access-list extended wccp_redir_list
    permit tcp 10.1.0.0 0.0.31.255 any eq www
    permit tcp 10.2.0.0 0.0.31.255 any eq www
    permit tcp 10.2.1.0 0.0.0.255 any eq www ## VLAN 1 Users ##
    permit tcp 10.2.11.0 0.0.0.255 any eq www ## VLAN 200 Users ##
    and Static routings on L3-2.
    On Ironport.
    connected NTLM to Domain server
    Service Profile Name:
    Service:
    Standard service ID: 0 web-cache (destination port 80)
    wccp_redir_list
    Router ip address: 10.1.7.254
    Load Balancing : Allow hash and mask
    Forwarding method: Allow GRE or L2
    Return method: Allow GRE or L2
    Default Route : to Router IP
    And configured Guest privileged so if unknown pc will connect it should go through Guest privilege.
    Global Authentication Settings
    Action if Authentication Service Unavailable:    Block all traffic if authentication fails
    Failed Authentication Handling:    Log Guest User by: IP Address
    Re-authentication:    Disabled
    Basic Authentication Token TTL:    18000
    Transparent Proxy Mode Authentication Settings
    Credential Encryption:    Disabled
    Redirect Hostname:    proxy
    Credential Cache Options:    Surrogate Timeout: 3600 seconds
    Client IP Idle Timeout: 3600 seconds
    Cache Size: 8192 entries
    User Session Restrictions:    Disabled
    Secure Authentication Certificate:    Common name:    IronPort Appliance Demo Certificate
    Organization:    IronPort Systems, Inc.
    Organizational Unit:   
    Country:    US
    Expiration Date:   
    Basic Constraints:    Not Critical
       Enable Identity
    Name:       
    (e.g. my IT policy)
    Description:    
    Insert Above:   
    Membership Definition
    Membership is defined by any combination of the following options. All criteria must be met for the policy to take effect.
    Define Members by Subnet:    
    (examples: 10.1.1.1, 10.1.1.0/24, 10.1.1.1-10)
    Define Members by Protocol:    
    All protocols
    HTTP/HTTPS Only 
    Native FTP Only
    Define Members by Authentication:   
    Select a Realm or Sequence:   
    Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
    If a user fails authentication:     Support Guest privileges   
    Authorization of specific users and groups is defined in subsequent policy layers
    (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
    Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
    IP Address
    Persistent Cookie
    Session Cookie
    Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
    If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
    Advanced
    Use the Advanced options to define or edit membership by proxy port, destination (URL Category), or User Agents.
    The following advanced membership criteria have been defined:
    Proxy Ports:    None Selected
    URL Categories:    None Selected
    User Agents:    None Selected
    Use: NTLMSSP
    Identity Policies: Global Group
    Settings for Global Policy
    Define Members by Authentication:    Require authentication
    Select a Realm or Sequence:    NTLMSSP
    Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
    If a user fails authentication:     Support Guest privileges   
    Authorization of specific users and groups is defined in subsequent policy layers
    (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
    Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
    IP Address
    Persistent Cookie
    Session Cookie
    Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
    If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
    But the problem is it is not forwarding Guest privilege and browser stuck when loading .

  • Is it possible to connect to 2 different subnets using the wired/wireless with the 1525nw?

    I have a client that just bought a new cp1525nw printer. The problem is that they would like to be able to use it inside there network but also make it available to visitors. Is it possible to use the wired NIC on the internal network and the wireless NIC on there guest network?

    No, sorry, it won't work.
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • Communication across different subnets using DatagramSocket class

    Hi All
    I've written a simple client-server program to send broadcast messages across the network and receive them back after some processing. The problem is that the messages sent by the program are not received across the subnets i.e. my program broadcasts messages only on the one subnet. I am using DatagramSocket class. Is there any way to communicate across the subnets using DatagramSocket class or will I've to use the some other class like MulticastSocket?
    Thanks in advance
    Neeraj

    neejain wrote:
    The problem is that the messages sent by the program are not received across the subnets
    Your router/gateway is probably set up to drop udp. This is usually done by network administrators to prevent things like broadcast storms across large networks. If you have admin access to the router, you should be able to change it to allow routing of udp.
    God bless,
    -Toby Reyelts

  • Can I download itunes on two different computers using the same apple id?

    Can I download itunes on two totally different computers using the same apple id and go back and forth between them (ie home computer and work computer)?

    You can use a laptop to set up multiple devices with the same apple ID and you can maintiain different content on each device.

  • Mac, WRT 54G, Can I access a Brother MFC9320 on two different subnets?

    (home use) I have a USB server that I can access my USB printers on two different Subnets and I was wondering if I can do the same on the WRT54G. I use 192.xxx.xxx.x for internet use only and 198.xxx.xxx.x for every thing else, like file sharing, multiplayer games, etc. I just named the "Locations"  to either "Internet" or  "Games"  (with games being used for everything else). With the USB server set to "ZerocConfig" I could access the USB printers on both.  I could set the Printer up with a static IP Printer "Location" and then switch locations every time we wanted to print to it but I would like to save a step. It's not that big a deal for me but, having to "Remind" everyone else every time they wanted to print something on it, would get old. Don't want to hook the Brother up to the USB server if I have wireless. It's not the smallest thing in the world to find a place for it anyway.
     I guess my other question would be, having the other subnet, is it more secure (from the internet) using it that way or is it just in my mind. I actually have the the family put their computers on a third "Blank" Location (no IP #) when they are just playing games, homework, etc.
     Thanks,
    Solved!
    Go to Solution.

    I'm guessing the reason i CAN use the USB printers on both subnets is because of the Keyspan USB server, which is hooked to the router, using it's own version of DHCP, (ZeroConfig)? I guess "ZeroConfig" is an open source type configuration. I use a subnet of 192.xxx.xxx.xxx for Internet browsing and I can print with the USB printers, and I use a subnet of 198.xx.xxx.x for everything else and I can still print from the USB printers with out changing anything else. It uses it's own IP numbers on ZeroConfig I guess and when the server is set to DHCP it uses the routers IP instead as then i can't print on the other subnet.
    I guess it's not possible on the router to do it. That's what I was wondering, thanks.....

  • HA ACS in two different subnets.

    Hello,
    I have to configure two ACS 1113 ver 4.1 (4) high reliability, in two different places and two different subnets.
    An apparatus will have to manage an office, the second the other office, but if one goes down the other takes responsibility for the entire network.
    The two subnets are accessible from all devices.
    Will be configured both the Tacacs Server on all systems.
    The ACS are connected to Active Directory to authenticate users.
    My question is, do I create a profile ACS are replicated on the other even though they are on two different subnets? Can I make a HA on two different subnets?
    Thank you.

    Hi Fabio,
    1. Is it a problem that the ACS are connected to two different Active Directory that belongs to the same Domain?
    Ans: I do not think so there should be any pbm when they have in the single domain.
    2. Is there a particoular configuration to replicate just the profiles that i'm going to create on the Master ACS?
    Yes. But its up to you how you want it and what and all you want to send for replication. You have an check box option to select the wanted configurations to be pointed for replication.
    Please do rate if the given information helps.
    By
    Karthik

  • Front End servers within same Pool on different subnets

    The customer is looking to have Amazon AWS host Lync 2013, and despite Lync 2013 having built in HA via Pools, Amazon wants to split the Pools across two of their availability zones (AZ ). An AZ is nothing more than a metropolitan area network, or simply
    a data center located a few miles away. Essentially they want to split the Pools between their two AZs.
    I know that for Lync 2013, the only stretch Pool supported is the Persistent Chat server Pool, and that Front End Pools, Edge Pools, or Mediation Pools are not supported.
    Amazon states that the latency between their AZs is from 1 - 5 ms, which is well within tolerance, though they state that the AZs all have unique subnets.
    I know that none of this is supported, though I am being requested as to why it isn't.
    Forgetting about latency, is this not supported because all servers within a Pool must share the same IP subnet? Is this coded within Lync that only Pools within the same subnet will work? I think it is as with Lync 2010, a stretched VLAN was required for
    a FE Pool to work, which implies the same subnet.
    While on this, a Central site does not mirror that of an AD Site, where a Central Site is a reflection of Pools within an area. So can a Central Site span two AD sites? I believe the answer is yes when one considers that a remote branch office can also be
    its own AD site. The reason for asking this question is I am attempting to see if if the Central Site might also have something to do as to why stretched Pools aren't supported.
    Thanks!
    Christian
    Christian Frank

    Hi Guys,
    Just saw both of your responses. I totally agree that it isn't supported, and what Amazon has been proposing is essentially adding their HA via a redundant AZ so that their infrastructure is redundant, which is their HA (I don't agree!).
    What I am looking for is something a bit deeper as to why. For example, when Lync 2010 had the stretched FE Pool between two locations, it was done via a stretched VLAN, which implies that the servers on both ends must be on the same subnet.
    Amazon wants to stretch all the Pools, between their data centers, so they can say that the Lync infrastructure is highly available, though at each data center, the subnets will be different, and that is what I am attempting to validate.
    I know this isn't supported, though is it because the members within the pool would come from different IP subnets, and Lync 2013 is coded to expect fellow members to be within the same subnet? That essentialy is what the case of Lync 2010 FE Pools was when
    they stretched them. And if you go back to Exchange 2007, stretched VLAN was back then a way to create geo-clustering also, which is no longer the way.
    Frankly, I think it has to do with subnet, and I believe it has to do with how the Windows Fabric is written, and what it is expecting to see. I really think this is the case, which explains the whys as to how stretched Pools are no longer supported any
    longer. Yes?
    Thanks!
    Christian Frank

  • How can I create a Pooled VDI infraestructure using Win server 2012 as VM image?

    Hello
    I have followed the "usual" way to build a pooled VDI desktop using Win7 or Win8 with success, but it fails when I use an image of Win Server 2012 as VM instead. 
    Am I overlooking something?  Should I need to prepare the image in a different way? (Sysprep differently?)
    Thanks

    Dear Ryan
    I think the point is other than committing a breach of licensing.  I have a legitimate need to use a pooled server system, which incidentally is not going to be end user.
    The "economy" of the proposed structure can make a more efficient use of the equipment.
    This is an excerpt of the MS VDI Q&A:
    Do I need to pay for Windows VDA if I use Windows Server as a client operating system in my virtual machine?
    OR
    I’ve heard that I can avoid paying for Windows VDA by using Windows Server as my VDI desktop OS. Is this true?
    Running a Windows Server®
    OS as the desktop in the datacenter does not require Windows VDA, but there are many reasons why a server OS should not be used as a desktop, especially in the datacenter:
    The user experience with servers as the desktop is very different from using a Windows client.
    Many applications for end users were written for a client OS and not a server OS. Each of your applications would need to be retested to ensure compatibility with a server OS. Additionally, most vendors
    do not offer support for client applications running on servers.
    Clients and servers are on different patch cycles, adding to management complexity.
    Most of the VDI ecosystem will support the Windows client in the datacenter, not server OS’s.
    However, if you do decide to run a server OS as the desktop, please note that you will need to pay a Remote Desktop Services Client Access License (RDS-CAL) to correctly license that scenario.

  • Seed mailbox database copy through replication network (DAG members on different subnets in different sites)

    Good afternoon
    I currently operate a two node DAG in our primary site supporting one mailbox database. I plan to introduce a third DAG node in our datacenter which is in a different Active Directory site. Both current DAG members replicate over a dedicated replication
    network to keep the traffic separate from the MAPI traffic. The third DAG member will also have a dedicated replication network adapter (of course, on a different subnet). Ideally I would like to seed the database at a time of my choosing, rather than at the
    moment I add the mailbox database copy (I know how to achieve this), but I would like to specify which network the data replicates over.
    According to the following (see below link) under the 'Seeding and Networks' section as my two DAG members will be on different subnets in different sites Exchange will make the decision to use the MAPI network adapters of the target and source server.
    'If the source server and target server are on different subnets, even if a replication network that contains those subnets has been configured, the client (MAPI) network will be used for seeding.'
    http://technet.microsoft.com/en-us/library/dd335158%28v=exchg.150%29.aspx
    Am I able to force Exchange to use the replication network adapters of both source and target server when I initiate the seeding process? I have a 200+ GB mailbox database that will need to replicate over a 100Mbps internet connection to our secondary
    site and I would like to keep that traffic to the replication network I have configured.
    Any insight would be helpful.

    Hi,
    If you want to specify the networks for seeding, you can use the
    Network parameter when running the
    Update-MailboxDatabaseCopy cmdlet and specify the DAG networks that you want to use.
     If you don't use the Network parameter, then the system uses the following default behavior for selecting a network to use for the seeding operation:
    If the source server and target server are on the same subnet and a replication network has been configured that includes the subnet, the replication network will be used.
    If the source server and target server are on different subnets, even if a replication network that contains those subnets has been configured, the client (MAPI) network will be used for seeding.
    If the source server and target server are in different datacenters, the client (MAPI) network will be used for seeding.
    So please use the Update-MailboxDatabaseCopy cmdlet with
    NetWork parameter to specify which DAG network should be used for seeding.
    Best regards,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Belinda Ma
    TechNet Community Support

  • Can ARD 3 now share a screen across 2 different subnets

    We have one central office. Clients access that office via a VPN. We can then share our screen with them as we work on a proof of a project.
    It's a great solution, however, we can't with ARD 2.2 get it to work with two clients at once over the VPN.
    An old Kbase article said that it wasn't possible to route screen sharing to two different subnets in the 2.2 version. But rather required all clients be on the same subnet.
    Does anyone know or have the ability to test to see if this is different is 3.0. I'm hopeful that it is, as I can no longer find the old Kbase article saying that it wasn't possible.
    Thanks,
    Greg

    Still no reply as to if this was resolved. I'm not so much worried about the move on the client side. As once we upgrade we have the luxury of upgrading everyone at once. I think that will be a smooth process.
    However, our motivation to upgrade is dependant on wether or not the ability to route traffice over multiple subents is fixed or not. So we'll wait and see. If anyone can easily test this. I'd love to know. Sounds like a few other people are hoping to hear something as well.
    Thanks in advance,
    Greg

  • How can I associate 2 appleids with one account or use a different Appleid for imessage as described in another post?

    How can I associate 2 appleids with one account or use a different Appleid for imessage as described in another post?
    I have rejoined the iPhone community, not with one iPhone but with two. My wife agreed to move from the unenlightened!
    I have set up both under my apple account and want to keep it that way. But I do not want iMessages going to both phones. I would like separate message queues but share all apps and other purches from the store.
    I have created a separate AppleID for her but under Settings>Message>Receive At (it currently says 2 addresses) > ... will not allow me to change the current eMail address and when I add hers (her appleid) it errors out. The only thing I can do in the Apple ID field is to manage my account and not change it to hers.
    How can I have 2 iPhones (and my iPad) on the same account but have separate identies?
    Thanks,
    LpGrumpy

    1. Yes. Restart with the Option key held down as needed.
    2. No, it won't be a problem.
    (83373)

  • How can i sync my ipod to a different computer that the one i originally started on without loosing whats on my ipod

    How can I sync my ipod to a different computer than the one I originally started it from. My other computer crashed and lost everything there. dont want to loose my pics n music on my ipod.

    If you want to get those pics and music off your ipod, you'll need to use an application like senuti:
    http://www.fadingred.com/senuti/

  • I have Pandora uno that I been playing every month but I don't have the iPhone where I donwload the app now I have a different phone how can I transfer to the one that I'm using now

    Ihave pandora uno that i been playing every month but I don't have the iPhone where I donwload the app now I have a different phone how can I transfer to the one that I'm using now

    Not sure if you are asking how to obtain the Pandora app on the new phone? If so, the following has information for a variety of phone types including an iPhone: http://www.pandora.com/everywhere/mobile

Maybe you are looking for

  • Entrada de Pedido de Compras

    Pessoal, estou em um cliente que estará na obrigatoriedade de emitor NFe a partir de setembro, no entanto, para atender ao SPED criaram uma categoria de NFe para dar entrada em pedidos de compras que viessem do fornecedor com NFe. A minha dúvida é a

  • When I convert a trailer to a project and add content, how can I get the music track to repeat longer

    Hey fellow Apple Geniuses - I just got the latest iMovie11 so excited for the new trailer feature, only to discover that these teenie weenie movie trailers are not near long enough for my taste, however I do like the cool transitions and layouts, so

  • Easy question - how to increase number of recent files in menu?

    This is for CS5 if it matters. I'm an infrequent Illustrator user (at best) but I have what I hope is an easy question: I want to increase number of recent files showing in the menu. I can't find a preferece to set such as in PS and almost every othe

  • Master details forms

    i have one master and one detail block on the form and there is relationship created on the join field on the form ... the requirement is that for some cases user may enter master as well as detail data but in some cases user may enter data only in m

  • Broken Dcs in MSS

    Hi all, I see around 27 broken Dcs in MSS. The import is successful but the CNS build space shows 27 broken DCs. Would it be an issue. Becuase one of the DC cats approval is a DC that I intend to modify. Appreciate any inputs. regards Sam