MS Cluster and NLB with PIX 501

Discussion in 'Cisco' started by Scott Lowe, Nov 29, 2004.

  1. Scott Lowe

    Scott Lowe Guest

    A customer of mine is experiencing some problems with some co-located
    servers behind their Cisco PIX 501 running 6.2(1). Specifically, they
    are experiencing connectivity problems with a newly-created
    active/passive cluster (running Win2K3, IIRC). Based on the research
    I've done thus far, I suspect the problem is related to MAC addresses
    and how those MAC addresses relate to the cluster node IP addresses and
    the IP address of the cluster virtual server. When the cluster fails
    over, the cluster virtual server IP address must now be associated with
    the MAC address of the now active cluster node NIC. I believe this is
    causing a problem with the PIX.

    In addition, I've seen some references that indicate that the cluster
    virtual IP is a "receive only" IP address, and that traffic generated
    from the cluster will actually originate from the IP address of the
    active node. If this is the case, I can see situations where traffic
    is sent to one IP (the cluster virtual server IP), but the reply comes
    from a different IP (the cluster node itself). Anyone run into this?
    If so, any workarounds? I thought of using a separate NAT group to
    translate the cluster node IP addresses and the cluster virtual IP
    address itself all to the same public IP, but this affects connectivity
    directly to the cluster nodes themselves.

    Any insight, suggestions, etc., would be greatly appreciated. TIA.
    Scott Lowe, Nov 29, 2004