I have two servers that I need to load-balance smtp, http, ssl. I need to
do this with two VIP's. The first one is from the outside and the second
one is to the inside from the DMZ. Here is the topology.
Internet ---> outside subnet where VIP and two reals sit.
then on the same SIXL I need another vip for dmz to inside
DMZ ( where VIP is) ----> to inside where reals are.
Here is what I have so for which is not working, I have the real server
default GW for the Z network pointing to ve 20.
server real owa1 z.z.z.248
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
server real owa2 z.z.z.249
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
server real owa1-inside x.x.x.100
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
server real owa2-inside x.x.x.101
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
!
server virtual owa z.z.z.200
predictor least-conn
port ssl sticky
port ssl keep-alive
port http sticky
port http keep-alive
port smtp sticky concurrent
port smtp keep-alive
bind ssl owa2 ssl owa1 ssl
bind http owa1 http owa2 http
bind smtp owa1 smtp owa2 smtp
!
server virtual owa-inside y.y.y.100
port smtp sticky concurrent
port smtp keep-alive
port http sticky
port http keep-alive
port ssl sticky
port ssl keep-alive
bind smtp owa1-inside smtp owa2-inside smtp
bind http owa1-inside http owa2-inside http
bind ssl owa1-inside ssl owa2-inside ssl
vlan2 by port
untagged ethe 1 to 8
no spanning-tree
router-interface ve 2
!
vlan 30 by port
untagged ethe 9 to 16
no spanning-tree
router-interface ve 20
!
interface e 1
speed-duplex 100-full
!
interface e 2
speed-duplex 100-full
!
interface e 3
speed-duplex 100-full
!
interface e 4
speed-duplex 100-full
!
interface e 5
speed-duplex 100-full
!
interface e 6
speed-duplex 100-full
!
interface e 7
speed-duplex 100-full
!
interface e 8
speed-duplex 100-full
!
interface e 9
speed-duplex 100-full
!
interface e 10
speed-duplex 100-full
!
interface e 11
speed-duplex 100-full
!
interface e 12
speed-duplex 100-full
!
interface e 13
speed-duplex 100-full
!
interface e 14
speed-duplex 100-full
!
interface e 15
speed-duplex 100-full
!
interface e 16
speed-duplex 100-full
!
!
interface ve 2
ip address y.y.y.101 subnet
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface ve 20
ip address z.z.z.254 subnet
!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/foundry-nsp/attachments/20060224/e9653c17/attachment.html
do this with two VIP's. The first one is from the outside and the second
one is to the inside from the DMZ. Here is the topology.
Internet ---> outside subnet where VIP and two reals sit.
then on the same SIXL I need another vip for dmz to inside
DMZ ( where VIP is) ----> to inside where reals are.
Here is what I have so for which is not working, I have the real server
default GW for the Z network pointing to ve 20.
server real owa1 z.z.z.248
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
server real owa2 z.z.z.249
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
server real owa1-inside x.x.x.100
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
server real owa2-inside x.x.x.101
port http
port ssl
port ssl keepalive
port smtp
port smtp keepalive
!
!
server virtual owa z.z.z.200
predictor least-conn
port ssl sticky
port ssl keep-alive
port http sticky
port http keep-alive
port smtp sticky concurrent
port smtp keep-alive
bind ssl owa2 ssl owa1 ssl
bind http owa1 http owa2 http
bind smtp owa1 smtp owa2 smtp
!
server virtual owa-inside y.y.y.100
port smtp sticky concurrent
port smtp keep-alive
port http sticky
port http keep-alive
port ssl sticky
port ssl keep-alive
bind smtp owa1-inside smtp owa2-inside smtp
bind http owa1-inside http owa2-inside http
bind ssl owa1-inside ssl owa2-inside ssl
vlan2 by port
untagged ethe 1 to 8
no spanning-tree
router-interface ve 2
!
vlan 30 by port
untagged ethe 9 to 16
no spanning-tree
router-interface ve 20
!
interface e 1
speed-duplex 100-full
!
interface e 2
speed-duplex 100-full
!
interface e 3
speed-duplex 100-full
!
interface e 4
speed-duplex 100-full
!
interface e 5
speed-duplex 100-full
!
interface e 6
speed-duplex 100-full
!
interface e 7
speed-duplex 100-full
!
interface e 8
speed-duplex 100-full
!
interface e 9
speed-duplex 100-full
!
interface e 10
speed-duplex 100-full
!
interface e 11
speed-duplex 100-full
!
interface e 12
speed-duplex 100-full
!
interface e 13
speed-duplex 100-full
!
interface e 14
speed-duplex 100-full
!
interface e 15
speed-duplex 100-full
!
interface e 16
speed-duplex 100-full
!
!
interface ve 2
ip address y.y.y.101 subnet
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface ve 20
ip address z.z.z.254 subnet
!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/foundry-nsp/attachments/20060224/e9653c17/attachment.html