A customer of mine is experiencing some problems with some co-located
servers behind their Cisco PIX 501 running 6.2(1). Specifically, they
are experiencing connectivity problems with a newly-created
active/passive cluster (running Win2K3, IIRC). Based on the research
I've done thus far, I suspect the problem is related to MAC addresses
and how those MAC addresses relate to the cluster node IP addresses and
the IP address of the cluster virtual server. When the cluster fails
over, the cluster virtual server IP address must now be associated with
the MAC address of the now active cluster node NIC. I believe this is
causing a problem with the PIX.

In addition, I've seen some references that indicate that the cluster
virtual IP is a "receive only" IP address, and that traffic generated
from the cluster will actually originate from the IP address of the
active node. If this is the case, I can see situations where traffic
is sent to one IP (the cluster virtual server IP), but the reply comes
from a different IP (the cluster node itself). Anyone run into this?
If so, any workarounds? I thought of using a separate NAT group to
translate the cluster node IP addresses and the cluster virtual IP
address itself all to the same public IP, but this affects connectivity
directly to the cluster nodes themselves.

Any insight, suggestions, etc., would be greatly appreciated. TIA.
--
Scott Lowe