Your physical setup is the problem. You have three options to make this
work.
1) Plug the servers directly into local director, using crossover cables.
2) Buy a new switch and plug it into the local director, and the servers
into it.
3) Create a new VLAN on the switch for the servers and LD, but you need a
L3 device to handle the VLAN routing.
Your packets/frames are getting mixed up because return traffic isn't coming
back through the local director. According to your config (no ping-allow
x), your shouldn't be able to ping your real servers.
Hope this works out for you.
Jeff
""Pushkar Shirolkar"" [EMAIL PROTECTED] wrote in message
8pb61i$qbm$[EMAIL PROTECTED]">news:8pb61i$qbm$[EMAIL PROTECTED]...
hi,
i can ping the servers from the PIX , but not the virtual IP ... the
servers
are not directly plugged in the LD .. there is a common switch for the LD
interface,the PIX internal interface and the servers as they all are in
the
sane network. one thing i want is that should i plug in one more interface
of the LD in the same network as right now i have only one interface into
this network.
regds
Pushkar
"Jeffrey Eiber" [EMAIL PROTECTED] wrote in message
news:8pb024$fo2$[EMAIL PROTECTED]...
I didn't notice anything obviously wrong with your config. This may
sound
obvious, but the LD uses a regular old NIC. If your servers are plugged
directly into the LD, you must use a crossover cable. For
troubleshooting
only, allow any port to pass through the local director. Then lock it
down
to 80/443 after everything is working. Try ping your servers from the
LD,
and try to ping the LD from the PIX DMZ interface. Do a 'show real' and
'show virtual' to get some better info than the config.
Let me know how you do from here.
Jeff
""Pushkar Shirolkar"" [EMAIL PROTECTED] wrote in message
8p97ca$mco$[EMAIL PROTECTED]">news:8p97ca$mco$[EMAIL PROTECTED]...
hi friends,
i have a strange prob. i have a cisco load director 416 ... and have a
very
simple config. i have a firewall whose one interface is to the
internet
and
one to the internal n/w ... as usual .. nothing diff. . and
inside
on
the n/w i have one load director and 2 web servers which i want to
load
balance ...
i have natted the virtual IP in the firewall to a public IP .. and
opened
port 80 for incoming hits now this virtual IP is bound to the 2
web
servers ...
but the prob is that i donot get any inbound connections from outside
..
also when i tried to telnet to port 80 of the virtual IP from inside
also
..
i'm unable to do so ...
also i have connected only one ethernet cable from the first ethernet
interface on the LAN .. do i have to connect another cable from the
second
interface even though they are in the same n/w ??
please can anyone help out ... this is ans SOS situation ..
the config file is below .. please take a look ...
Pushkar
---
: Saved
: LocalDirector 416 Version 3.1.4
syslog output 20.3
no syslog console
enable password 4d9b64f9ab66474af34252545443b8 encrypted
hostname web_ld
no shutdown ethernet 0
no shutdown ethernet 1
shutdown ethernet 2
interface ethernet 0 auto
interface ethernet 1 auto
interface ethernet 2 auto
mtu 0 1500
mtu 1 1500
mtu 2 1500
multiring all
no secure 0
no secure 1
no secure 2
no ping-allow 0
no ping-allow 1
no ping-allow 2
ip address 172.16.0.254 255.255.255.0
no rip passive
rip version 1
failover ip address 0.0.0.0
no failover
password cisco
snmp-server enable traps
no snmp-server contact
no snmp-server location
virtual 172.16.0.253:80:0:tcp is
virtual 172.16.0.253:443:0:tcp is
real 172.16.0.4:80:0:tcp is
real 172.16.0.10:80:0:tcp is
name 172.16.0.4 web1
name 172.16.0.10 web2
name 172.16.0.253 domain
bind 172.16.0.253:80:0:tcp 172.16.0.4:80:0:tcp
bind 172.16.0.253:80:0:tcp 172.16.0.10:80:0:tcp
: end
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associate-Announcement.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associate-Announcement.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
**NOTE: New CCNA/CCDA List has been formed. For more information