[lvs-users] Cisco PIX problem with LVS-TUN setup

Steve Drew steve.drew at paphotos.com
Fri Nov 30 12:28:11 GMT 2007


Hi,

I've been trying to get an LVS-TUN setup working, but I've been
experiencing problems with our PIX dropping traffic.

Setup:

PIX has Internet / DMZ1 / DMZ2 networks. The switches are directly
plugged into the PIX for the respective networks.


In DMZ1 I have a LB and realserver1 (realserver 1 setup for testing)

In DMZ2 I have realserver2.


Load balancing to realserver1 is working correctly, but when the
director sends the request to realserver2 I'm seeing the following on the
PIX:

%PIX-6-106015: Deny TCP (no connection) from host lb0/80 to
my.external.i.p/1083 flags SYN ACK  on interface dmz2-network

I'm presuming because the PIX doesn't know about the connection.

I have disabled reverse-path verification on the dmz2 network.

Can anyone offer any pointers/suggestions? Apologies if this is badly
explained, drop me a mail if you think you can help and need some more
info!

Many Thanks

steve
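
An added example, not part of the original post: a Python triage of %PIX-6-106015 lines that separates denied SYN ACK segments (a handshake reply whose SYN the firewall never tracked, as happens when an LVS-TUN real server answers the client directly) from other "no connection" denies. The log lines are constructed in the format quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses); the first is wrapped
# across two lines the way the message in the post is.
SAMPLE_LOG = """\
%PIX-6-106015: Deny TCP (no connection) from host lb0/80 to
198.51.100.7/1083 flags SYN ACK  on interface dmz2-network
%PIX-6-106015: Deny TCP (no connection) from lb0/80 to 198.51.100.7/1084 flags SYN ACK  on interface dmz2-network
%PIX-6-106015: Deny TCP (no connection) from 192.0.2.10/443 to 198.51.100.9/2201 flags FIN ACK  on interface dmz1-network
%PIX-6-106015: Deny TCP (no connection) from 192.0.2.10/443 to 198.51.100.9/2202 flags RST  on interface dmz1-network
"""

DENY_RE = re.compile(
    r"%PIX-6-106015: Deny TCP \(no connection\) from\s+(?:host\s+)?"
    r"(?P<src>\S+)/(?P<sport>\d+)\s+to\s+(?P<dst>\S+)/(?P<dport>\d+)\s+"
    r"flags\s+(?P<flags>[A-Z ]+?)\s+on interface\s+(?P<ifc>\S+)"
)


def triage(log_text):
    """Count denied segments per (interface, source, kind)."""
    counts = Counter()
    for m in DENY_RE.finditer(log_text):
        flags = frozenset(m["flags"].split())
        # A bare SYN ACK with no tracked connection means the SYN for this
        # flow never created state on the firewall: the reply is taking a
        # different path than the request did.
        if flags == {"SYN", "ACK"}:
            kind = "handshake-reply-without-syn"
        else:
            # FIN/RST after a state timeout and similar late segments.
            kind = "other"
        counts[(m["ifc"], m["src"], kind)] += 1
    return counts


def asymmetric_suspects(log_text):
    """Return (interface, source, count) for sources sending untracked SYN ACKs."""
    return sorted(
        (ifc, src, n)
        for (ifc, src, kind), n in triage(log_text).items()
        if kind == "handshake-reply-without-syn"
    )


if __name__ == "__main__":
    for ifc, src, n in asymmetric_suspects(SAMPLE_LOG):
        print(f"{ifc}: {n} untracked SYN ACK segment(s) from {src}")
```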

