CSS and NAT problems (easy one?)
Hi,
I am trying the simplest of configurations, attempting to Load-Balance traffic using two servers and a single CSS. I am using "Routed" mode, but am experiencing problems with NAT. I am new to the world of CSSs.
I have two servers that have the VIP 80.80.80.230. All traffic is initiated from the client-side (public) and talks to this VIP address. All RETURN traffic must be NATed (by the CSS) with this VIP address. I would expect:-
CLIENT (PUBLIC) -----> 80.80.80.230 (SERVER-VIP)
CLIENT (PUBLIC) <----- 80.80.80.230 (SERVER-VIP)
However, this configuration does not seem to work for me. When I sniff, I see the return traffic is NOT being NATed ....I see the following :
CLIENT (PUBLIC) ----------------------> 80.80.80.230
CLIENT (PUBLIC) <----------------------10.10.10.2
Here is my config :
ip route 0.0.0.0 0.0.0.0 80.80.80.225 1
!************************* INTERFACE *************************
interface e2
bridge vlan 2
!************************** CIRCUIT **************************
circuit VLAN1
ip address 80.80.80.227 255.255.255.240
circuit VLAN2
ip address 10.10.10.1 255.255.255.0
!************************** SERVICE **************************
service server1
ip address 10.10.10.2
port 5060
active
service server2
ip address 10.10.10.3
port 5060
!*************************** OWNER
owner me
content lbal
port 5060
protocol udp
vip address 80.80.80.230
add service server1
add service server2
application sip
active
!*************************** GROUP
group clients-group
vip address 80.80.80.230
add service server1
add service server2
active
CSS11501 /Version 7.4
I have tried this config with and without the NAT Group (clients-group) but to no avail.
Please please can someone stop me from going crazy with this. Any help really appreciated.
Grazie !
Matt
Hi Matt,
On the group use "add destination service" instead of "add service". That will do source NATing of traffic hitting the VIP.
Looks like this:
group clients-group
vip address 80.80.80.230
add destination service server1
add destination service server2
active
Diego
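A check based on Diego's reply, as an added example that is not part of the original thread and not Cisco tooling: it parses a CSS running-config and lists the services behind each active content rule that no active group with the same VIP names with "add destination service". The sample configs are constructed from the two posts above, the function names are hypothetical, and matching a group to a content rule by equal VIP is an assumption taken from this thread's configuration.

```python
import re

# Constructed sample: the owner/group part of the config in the question.
ORIGINAL = """\
owner me
  content lbal
    port 5060
    protocol udp
    vip address 80.80.80.230
    add service server1
    add service server2
    application sip
    active
group clients-group
  vip address 80.80.80.230
  add service server1
  add service server2
  active
"""
# Same config with the group rewritten as in the reply.
_head, _tail = ORIGINAL.split("group ", 1)
FIXED = _head + "group " + _tail.replace("add service", "add destination service")


def parse_css(config):
    """Return (content_rules, groups) parsed from CSS running-config text."""
    rules, groups, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or section banner
        block = re.fullmatch(r"(content|group|owner|service)\s+(\S+)", line)
        if block:
            kind, name = block.groups()
            if kind in ("content", "group"):
                cur = {"vip": None, "services": set(), "dest": set(), "active": False}
                (rules if kind == "content" else groups)[name] = cur
            else:
                cur = None  # owner / service definitions are not inspected
            continue
        if cur is None:
            continue
        vip = re.fullmatch(r"vip address (\S+)", line)
        add = re.fullmatch(r"add (destination )?service (\S+)", line)
        if vip:
            cur["vip"] = vip.group(1)
        elif add:
            cur["dest" if add.group(1) else "services"].add(add.group(2))
        elif line == "active":
            cur["active"] = True
    return rules, groups


def unnatted_services(config):
    """List (rule, vip, service) where no active group on the same VIP
    names the service as a destination service."""
    rules, groups = parse_css(config)
    findings = []
    for name, rule in rules.items():
        if not rule["active"]:
            continue
        covered = set()
        for grp in groups.values():
            if grp["active"] and grp["vip"] == rule["vip"]:
                covered |= grp["dest"]
        for svc in sorted(rule["services"] - covered):
            findings.append((name, rule["vip"], svc))
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, unnatted_services(cfg))
```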
Similar Messages
-
Can I include both CSS and HTML codes in one Open HTML Editor.
Somehow Cell phones are not properly reading css codes. Is there any way to include both CSS and HTML codes in one Open HTML Editor?
Hammad, their code is fairly mobile friendly. Per my other discussion with you ( http://topliners.eloqua.com/thread/8532 ), Eloqua's code is responsive for the most part. Most of their issues lie with the styling of the email where you will get different fonts and different sized fonts throughout the email and some other minor display issues.
What you are trying to accomplish is extremely difficult to do because you do not have the access to the HTML to better control how the responsive template works which is why the Eloqua templates (and most ESP templates) stick to the more basic side of emails.
If you want to use Eloqua's WYSIWYG to make their responsive email you can do so, but I would recommend deleting all their body text before editing anything because of the inconsistencies in their code. Otherwise, I think you would be better off coding the emails outside of Eloqua using a 3rd party editor whether it's something more robust like Dreamweaver or Coda, or whether you feel comfortable working in a more text environment with programs like Notepad++ or Brackets.
At the end of the day remember you are paying Eloqua for these and if you choose to stick with the WYSIWYG and you are not getting the results you expect you need to tell Eloqua through your support channels. -
Css and RequestDispatcher problem
I'm using JBoss + embedded Tomcat (not using apache
yet in development).
I have problem with JSP and css. My JSP includes css
with this tag:
<link rel="stylesheet" href="style.css" type="text/css">
If I access the JSP directly from web-browser IE5
to http://127.0.0.1:8080/myContext/fileName.jsp ,
it's displayed correctly.
However, if I let a servlet dispatch the JSP, the css wasn't
included somehow (browser displayed the JSP without css-formatting).
RequestDispatcher dispatcher = getServletContext().
getRequestDispatcher("/fileName.jsp");
if (dispatcher != null)
dispatcher.forward(request, response);
/* ... */
I put css and JSP in the same subdir. Is this a Tomcat error, or
I forgot to set something in the request object, or
I need to append something to "/fileName.jsp"?
Thanks in advance.
Verdi
Unfortunately, the solution I found was to "hardcode" the absolute path. For example:
<link rel="stylesheet" href="<%= request.getContextPath() %>/style.css" type="text/css">
There's another way I think may preserve the context
path, that is to use response.sendRedirect. The problem with
this approach, however, is that you can't embed a javabean
as an "attribute" because the attribute will be removed in the new request (of the redirected jsp).
-- Verdi March -- -
Hi people,
I have found this
http://www.dhtmlgoodies.com/index.html?whichScript=ajax-tooltip
but i don't know how I implement this in apex.
So that i have i general question.
How can i implement my own css and in which way can i use these?
is there a how to or something?
Hello,
You can maintain your own, external (preferably OS level) CSS file, and load it using your page template, the same way APEX loading its own CSS file.
If you look at your page template, in the HTML Header section, you'll see something like this:
<link rel="stylesheet" href="#IMAGE_PREFIX#themes/theme_5/theme_V2.css" type="text/css" />
In this case this is the CSS file for theme 5. You can put your own CSS file in the same directory as the rest of your theme file, and use a similar link.
Take into consideration that because of the cascading effect (the first C in CSS) you need to load your file after the original APEX files, so in case you are targeting the same selectors (elements/attributes), yours will get precedence.
The best place to start learning a bit more about CSS is the following http://www.w3schools.com/css/default.asp
Hope this helps,
Arie. -
Hi, I have a problem with the NAT group intercepting connections to a PIX on the local VLAN. VLAN1 on the LB is the outside internet connection, VLAN2 is internal, at 10.0.10.0/24. The PIX IP is 10.0.10.254. If a webserver at 10.0.10.5 tries to connect to a server behind the PIX, the PIX logs a connection not from 10.0.10.5, but from the NAT group, which has an external IP address. Not only does this slow things down, but confuses the ACL config on the PIX. Any way to force devices to directly connect on the local VLAN, as one would normally expect? Thanks!
What happens is the traffic that will use the group will need to match the source/dest configured in the ACL, but more importantly, the VLAN you apply to the ACL itself will determine what traffic is even looked at in the ACL itself. So if you apply vlan1 to the ACL, then only traffic coming into the CSS via VLAN1 will use the acl (assuming it matches the clause criteria configured).
By using the ACL approach, you could put those ip addresses you want to NAT in the first clauses, and then leave out the ones you do not want to NAT. If there is no ACL match, then there will be no NAT.
Instead of specifying all the ip addresses in separate ACLs, you can use the subnet mask to create a range of addresses.
Hope this helps. I do agree that this can be a bit of a maint challenge having to do this, but I'm not sure any other option exists unless there is something different about the way you have your source groups configured.
Regards
Pete.. -
Please verify the CSS and SCA configuration for one-armed transparent mode
I have a problem to configure one-armed transparent mode. I cannot access the server with "https://9.9.9.1" even "http://9.9.9.1:80" and "http://9.9.9.1:81" operational. looks CSS cannot communicate properly with SCA.
I couldn't figure it out from the CCO sample configuration. Please correct the attached configuration.
Thanks,
** connectivity ********
<client>----<router>----<CSS>---<SCA>,<Server>
- client=7.7.7.100
- router's e0/0=7.7.7.1, e0/1=8.8.8.3(connect to VLAN2 of CSS)
- SCA=11.11.11.100, connect to VLAN3 of CSS
- server=10.147.153.12 and 10.147.153.15 on the same box, connect to VLAN4 of CSS
** configuration *********
CSS11050# sh run
!Generated on 01/01/2079 00:00:47
!Active version: ap0500105
configure
!*************************** GLOBAL ***************************
acl enable
ip route 0.0.0.0 0.0.0.0 11.11.11.100 1
ip route 7.7.7.100 255.255.255.255 8.8.8.3 1
ip route 7.7.7.200 255.255.255.255 8.8.8.3 1
!************************* INTERFACE *************************
interface e2
bridge vlan 2
interface e3
bridge vlan 3
interface e4
bridge vlan 4
interface e5
bridge vlan 4
!************************** CIRCUIT **************************
circuit VLAN1
ip address 9.9.9.2 255.255.255.0
circuit VLAN2
ip address 8.8.8.2 255.255.255.0
circuit VLAN3
ip address 11.11.11.1 255.255.255.0
circuit VLAN4
ip address 10.147.153.1 255.255.255.0
!************************** SERVICE **************************
service ING_SVC_12
protocol tcp
ip address 10.147.153.12
active
service ING_SVC_15
protocol tcp
ip address 10.147.153.15
active
service ING_SVC_SCA
port 443
protocol tcp
ip address 11.11.11.100
type transparent-cache
no cache-bypass
active
service upstream
ip address 8.8.8.3
type transparent-cache
active
!*************************** OWNER ***************************
owner ING_OWNER
content cnt_443
add service ING_SVC_SCA
protocol tcp
port 443
vip address 9.9.9.1
active
content cnt_80
add service ING_SVC_12
add service ING_SVC_15
protocol tcp
port 80
url "/*"
vip address 9.9.9.1
active
content cnt_81
add service ING_SVC_12
add service ING_SVC_15
vip address 9.9.9.1
protocol tcp
port 81
url "/*" <-- If I configure url "/secure/*", not working "http://9.9.9.1:81" from client.
active
!**************************** ACL ****************************
acl 1
clause 10 permit any any destination any
apply circuit-(VLAN1)
acl 2
clause 10 permit any any destination any
apply circuit-(VLAN2)
acl 3
clause 10 permit any any destination any
apply circuit-(VLAN3)
acl 4
clause 10 permit any any destination any
apply circuit-(VLAN4)
ING_SCA# sh run
# Cisco SCA Device Configuration File
# Written: Sun Feb 6 01:12:54 2106 MST
# Inxcfg: version 4.1 build 200211151311
# Device Type: CSS-SCA
# Device Id: S/N 11aca8
# Device OS: MaxOS version 4.1.0 build 200211151311 by reading
### Mode ###
mode one-port
### Interfaces ###
interface network
auto
end
interface server
auto
end
### Device ###
ip address 11.11.11.100 netmask 255.255.255.0
hostname ING_SCA
timezone "MST7MDT"
### Password ###
password idle-timeout 15
### SNTP ###
sntp interval 86400
### Static Routes ###
ip route 0.0.0.0 0.0.0.0 11.11.11.1 metric 1
### RIP ###
no rip
### DNS ###
no ip name-server
no ip domain-name
### Telnet ###
telnet enable
### Web Management ###
web-mgmt port 80
no web-mgmt enable
### SNMP Subsystem ###
no snmp
### SSL Subsystem ###
ssl
server ING create
ip address 9.9.9.1
localport 443
remoteport 81
key default
cert default
secpolicy default
sslv2 enable
sslv3 enable
tlsv1 enable
session-cache size 20480
session-cache timeout 300
session-cache enable
no clientauth enable
clientauth verifydepth 1
clientauth error cert-other-error fail
clientauth error cert-not-provided fail
clientauth error cert-has-expired fail
clientauth error cert-not-yet-valid fail
clientauth error cert-has-invalid-ca fail
clientauth error cert-has-signature-failure fail
clientauth error cert-revoked fail
sharedcipher error failhtml
ephemeral error failhtml
no httpheader client-cert
no httpheader server-cert
no httpheader session
no httpheader pre-filter
httpheader prefix "SSL"
ephrsa
keepalive frequency 5
keepalive maxfailure 3
no keepalive enable
end
end
The problem is the routing.
You need a route for the client pointing to the SCA like this
ip route 7.7.7.100 255.255.255.255 11.11.11.100 1
This is so the reply from the server to the client goes back to the SCA first
for encryption.
Gilles. -
Flash, CSS, and Firefox problem
Hello.
I have an html document that is built using CSS (div tags,
etc). This CSS calls out to swfs (defined by DIVs) to build the
page.
The layout is very simple, starting with a top navigation bar
swf. There are buttons in this navigation bar that, when rollover,
cause a graphic to unmask and pull down. The graphic is rather
large and forces the top nav bar height to 800. Naturally, this
will eclipse other elements on the page when the graphic crashes
down.
By using a combination of "wmode=transparent" and z-indexing
in the Flash code, I can get the crashdown graphic to appear above
the other elements in the html.
However, and here is the issue, in Firefox the sheer,
necessary height of the top nav bar prevents clicking on any other
buttons in the elements that appear below the top nav bar. It's as
if there is an alpha mask over everything which prevents RollOvers
and general mouse clicking action. Oddly, it works perfectly in
I.E.
Any insight would be vastly appreciated. I've researched what
I could of this topic, but nothing I can find replicates my exact
issue. Thank you.
-dE
Hey Deggz, I'm experiencing the same problems that you're
having and have been researching for an answer for weeks. Have you
found a solution yet? -
POP3 and IMAP problem for one user
Hi All,
One of my users has recently connected her iPhone4 to our GW7. We set her up just like numerous other of our users, and she is having some issues. When set up as IMAP using the default application on her iPhone, she can see all her folders and all her mail up to December 21, 2011, but nothing after that. If she asks to download more messages, it successfully shows earlier messages, but still nothing more recent than December. When set up as POP, she is able to download recent messages, but there are wide gaps in what she can see. Whole days are missing. I can send her a new message, and she can POP it right away, but messages that came in just hours before will not come over. None of our other users have any such issues--including at least one with the same iPhone.
The user swears that she has no other e-mail program POPing mail--and even if she did, I don't think it would explain the IMAP issue--but I may be wrong about that. This user does have an incredibly large online mail account--over 20,000 messages in her Mailbox folder alone. I have examined her POA indexes, and they show nothing un-indexed.
I have used my own phone (Droid Bionic) to connect to her GWise account and I see the same behavior from her account.
We are using GWIA 7.0.2, and I can see her phone making connections successfully. I see no errors, but I have not yet studied a Verbose display when she connects.
Any suggestions about how to proceed to troubleshoot this?
What could I do if I wanted to reset whatever information her account stores as to what messages have been POP'ed off or to reset whatever info about IMAP is maintained?
Thanks in advance,
Peter.
On 1/12/2012 3:16 PM, pgsmick wrote:
>
> Many, or shall I say /imapreadlimit -10, thanks to you Michael.
> Presumably there is a reason for this limit, and I don't feel like caving
> in to pressure from users who refuse to clean out their mailboxes, but
> what are the specific downsides to raising the limit? And does this
> shed any light on the other issue with using the POP3 method?
>
> Again, you're a gem.
>
> Peter.
>
>
My understanding is as you raise it, the memory usage of the POA and the
CPU hit on the POA will increase. It's been explained to me that the
IMAP standard requires certain correlations and bufferings to be made
between the different items, so the memory usage increases. (IMAP is
fairly complex, so I doubt I can explain it all since I doubt I
understand it all). For example IMAP requires synthetic UIDS to be
correct for all the items in the mailbox during the session. There is
room for improvement here, but it hasn't been a super-high priority is
what I was told just this past BrainShare. It will never be a completely
low memory "streaming" kind of solution though - a lot of state has to
be built and maintained during the IMAP session.
POP, I'm not sure about. I do know GW can get confused. Have her specify
her pop UserID differently. For example if her normal gwmailbox is
jsmith, have her try jsmith:v=2 .
Also see other whacky POP switches
you can set affect the date range, and #. The "v","l",and "t" are the
most important.
User ID Login Options
With POP3 clients, users can add the options listed in the table below
to the login name (GroupWise user ID) to control management of their
mailbox messages. If used, these options override the POP3 settings
assigned through the user’s class of service (see Section 47.1.2,
Creating a Class of Service).
Login options are appended to the user ID name with a colon character
(:) between the user ID name and the switches:
Syntax: user_ID:switch
Example: User1:v=1
You can combine options by stringing them together after the user ID and
the colon without any spaces between the options:
Syntax: user_ID:switch1switch2
Example: User1:v=1sdl=10
The syntax for the user ID options is not case sensitive. Login options
are not required. If you do not want to include any login options, just
enter the user ID name in the text box, or following the USER command if
you are using a Telnet application as your POP3 client.
Table 46-1 User ID Login Options

Option: v=number between 1-31
Explanation: The v option defines the POP3 client’s view number. If multiple POP3 clients access the same GroupWise mailbox, each client must use a different view number in order to see a fresh mailbox. For example, if two POP3 clients access a mailbox and the first client downloads the unread messages, the second client cannot download the messages unless it is using a different view number than the first client. If this option is not used, the default value is 1.
Example: User_ID:v=1

Option: d
Explanation: The d option deletes the messages from the GroupWise mailbox after they have been downloaded to the POP3 client.
Example: User_ID:d

Option: p
Explanation: The p option purges the messages from the GroupWise mailbox after they have been downloaded to the POP3 client.
Example: User_ID:p

Option: t=1-1000
Explanation: The t option defines the download period, starting with the current day. For example, if you specify 14, then only messages that are 14 days old or newer are downloaded. If this option is not used, the default value is 30 days.
Example: User_ID:t=14

Option: n
Explanation: The n option downloads messages in RFC-822 format rather than the default MIME format.
Example: User_ID:N

Option: m
Explanation: The m option downloads messages in MIME format. This is the default.
Example: User_ID:M

Option: s
Explanation: The s option presets the file size when the STAT command is executed. If the user mailbox contains a lot of messages or large messages, it can take a long time to calculate the file size. With this option, the STAT command always reports an artificial file size of 1, which can save time.
Example: User_ID:S

Option: l=1-1000
Explanation: The l option limits the number of messages to download for each POP3 session. For example, if you want to limit the number of messages to 10, you enter l=10. If this option is not used, the default value is 100 messages. -
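A parser for the login-option syntax quoted in the reply above, as an added example that is not GroupWise code and not part of the original post: it splits the switches that follow the colon, applies the ranges and defaults from Table 46-1, and reports whether a login string carries the d or p options that remove mail from the mailbox after download. The function names and dictionary keys are hypothetical, and letting the later of n and m win is an assumption the table does not state.

```python
import re

# Ranges and defaults as given in the quoted table (Table 46-1).
VALUED = {"v": ("view", 1, 31), "t": ("days", 1, 1000), "l": ("limit", 1, 1000)}
FLAGS = {"d": ("delete", True), "p": ("purge", True), "s": ("fast_stat", True),
         "n": ("format", "rfc822"), "m": ("format", "mime")}
DEFAULTS = {"view": 1, "days": 30, "limit": 100, "format": "mime",
            "delete": False, "purge": False, "fast_stat": False}
# Switches are strung together without separators, e.g. "v=1sdl=10".
TOKEN = re.compile(r"([vtl])=(\d+)|([dpnms])", re.IGNORECASE)


def parse_pop3_login(login):
    """Split 'user_ID:switches' and return the effective POP3 options."""
    user, _, switches = login.partition(":")
    if not user:
        raise ValueError("empty user ID")
    opts = dict(DEFAULTS, user=user)
    pos = 0
    while pos < len(switches):
        m = TOKEN.match(switches, pos)
        if m is None:
            raise ValueError(f"unknown option at {switches[pos:]!r}")
        if m.group(1):
            key, low, high = VALUED[m.group(1).lower()]
            value = int(m.group(2))
            if not low <= value <= high:
                raise ValueError(f"{key}={value} outside {low}-{high}")
            opts[key] = value
        else:
            key, value = FLAGS[m.group(3).lower()]
            opts[key] = value  # assumption: a later n/m overrides an earlier one
        pos = m.end()
    return opts


def is_destructive(login):
    """True when the login asks the server to delete or purge downloaded mail."""
    opts = parse_pop3_login(login)
    return opts["delete"] or opts["purge"]


if __name__ == "__main__":
    # Login strings taken from the post and the quoted table.
    for sample in ("jsmith:v=2", "User1:v=1sdl=10", "User_ID:t=14", "User_ID:p"):
        print(sample, parse_pop3_login(sample), is_destructive(sample))
```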
CSS 11500 url path rewrite and NAT
Hi,
We are evaluating a CSS 11500 and try to configure url path rewrite and NAT, but we have some problems.
What we would like to do is the following:
http://www.example.com/path1 -> http://host1:80
http://www.example.com/path2 -> http://host1:8080
http://www.example.com/path3 -> http://host2:80
The address www.example.com is resolving to a valid internet address, whereas host1 and host2 resolves to private IP addresses.
The client should always see the external url (e.g. http://www.example.com/path1/...) and the CSS should do the necessary translation.
Any help would be very much appreciated!
Regards,
Harald
Hello Experts, I'm new with this cisco stuff too (just got it 3 weeks ago), but here is some of my experience with cisco css 11501.
First : Service ServerName, there is a port setting here, but from my experience, I think it is related with KeepAlive option, so, port is alternate way to know if the server alive or not.
Second : When you send a request to cisco css, the port option in content port will be the cisco css port to accept the request, so, if you send a request to http://vip:8080/, all services must be on the same port too to balance the request, in this case, port 8080. If one service is on port 80, I'm sure the css will not hit the server.
Third : To solve your problem...
http://www.example.com/path1 -> http://host1:80 (ipA)
http://www.example.com/path2 -> http://host1:80 (ipB)
http://www.example.com/path3 -> http://host2:80
If you are too lazy to buy a new NIC, just set a subinterface/ip alias on host1, and make the webserver bind only to a specific address, not to all interfaces...
Oh yeah, about your path1/path2/path3 -> /, hmm, I'm still asking in this forum about path changing because until now I haven't known how to do this. I know about the apache rewrite module, and succeeded in doing this with it; if only I knew about this in cisco css too :-(
I'm sorry if I make mistake, I'm just telling my experience... -
I am experiencing ongoing problems with my iPhone 4 due to me sharing an iTunes account with my daughter. I have been told by Apple to cancel my existing (shared) iTunes account and open a new one for my use only. How do I do this? I can't find any links in iTunes to do this. mountfield
No, it's done on the computer, it's just done on the web and not through iTunes. I guess you could do it on the iPhone, but it would be easier to do on the computer.
Just go to the site linked above, then click on the big blue button and fill out the necessary information. -
CSS and Images export problems
I am trying to export a page to dreamweaver using css and images method. I have created rectangles for the header, content and footer to create divs. Added text and graphics. When I export, it does not export with html codes and css, it gives me one big .jpg. "Layer_1.jpg". Does anyone know what I'm doing wrong?
Thanks,
Wendy
I just found someone else with the exact same problem who said rebooting solved his problem. This also worked for me. Yeah!
Problem fixed by rebooting!
-
I've just signed up to iTunes Match as I have songs on my iPhone 4 which won't sync with iTunes as they are from CDs but I can't see my music in the cloud now. Anyone had the same problem and have an easy fix?
What fixed it for me:
On your computer, open iTunes > My iPhone (or whatever name you gave your iPhone) > "Music" page
Uncheck "Sync Music"
Click "Sync" button (bottom right)
Let it run and finish
Uncheck the box for every song, playlist, etc.
Click "Sync" button (bottom right) (This step may be unnecessary, but I did it and got the result I wanted.)
Let it run and finish
Check the boxes for the music you want on your iPhone
Click "Sync" button (bottom right)
Let it run and finish
See if that doesn't work for you. I tried a lot of things that did nothing, but this seems to have fixed it, and quickly. -
I bought a new laptop and used Windows Easy Transfer cable and moved all files from one computer to another. I installed iTunes and found my iTunes music Library. However, when I plug in my iPod it says it is already synced with another iTunes Library.
I don't see anything in Help that shows when you already have transferred all the files over. Why would it want to erase and sync when I already have all the music folder copied over? I didn't have an issue when I had another technician copy from one laptop to another. Home sharing is also on but not being recognized.
I suspect you only migrated the media folder instead of the complete working library. Either review the transfer process and copy over the entire iTunes folder from your old profile's music folder or see Recovering your iTunes library from your iPod or iOS device.
tt2 -
I've recently started to use Numbers on my macbook pro but when I try to sync to iCloud it asks me to create a new iCloud account. Problem is I already have one and that's the one I want to use.
Looks like I have the same situation on my iphone.
The only option I'm being given is to create an lCloud account.
Any guidance? Thanks.
The last thing you want is a second iCloud account. Try logging out and back in in System Preferences. If that doesn't work, I'd get AppleCare on the line.
Jerry -
I have my daughter's iPod, my iPhone, my wife's iPhone and iPad on the one Apple ID. Since the latest update we are receiving iMessages from our daughter's iPod with my wife's caller ID on the one message strand.
Is it possible to differentiate between all the devices? Can I fix this problem?
I recommend that you
Create a NEW account/ID for her using these instructions. Make sure you follow the instructions. Many do not and if you do not you will not get the None option. You must use an email address that you have not used with Apple before.
Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
Use the new ID on her iPod but only for:
Settings>Messages>Send and Receive
Settings>FaceTime
and Settings>iCloud if you want her to have separate Contacts Calendar and some other things.
Continue to use the same/common Apple ID for Settings>iTunes and App stores so you can share purchases.