Application Delivery (ADX)

Reply
Occasional Visitor
Posts: 1
Registered: ‎02-04-2015

ADX 1000 SSL SLB problem

Hellow, i try to configure "one-arm" topology:

Serv1{192.168.3.5/24} \

                                        -----------[L2 Swtitch]-----------[Brocade 192.168.3.3]

Serv1{192.168.3.6/24} /                      |

                                                             |

                                                             |

                                                          [client]

ServX - is a web server with SSL.

My config:

ver   12.4.00gT403
!
global-protocol-vlan
!
server no-fast-bringup
no server l4-check
port range ssl

server port 443
  tcp
!
context default
!
!
!
server remote-name S1 192.168.3.5
  port ssl
!
server remote-name S2 192.168.3.6
  port ssl
!
!
server virtual vServ 192.168.3.7
  port ssl sticky
  port ssl lb-pri-servers
  bind ssl S1 ssl S2 ssl
!
vlan 1 name DEFAULT-VLAN by port
!
aaa authentication web-server default local
aaa authentication login default local
boot sys f1 sec
no enable aaa console
hostname ADX_1000
ip route 0.0.0.0 0.0.0.0 192.168.3.1
!
telnet server
username admin password
router vrrp-extended
no-reboot-bp-communication-down
!
interface managment 1
  ip address 192.168.0.1 255.255.255.0
!
interface ethernet 2
  ip address 192.168.3.3 255.255.255.0
  slb
!
.....

 When i try to connect from client ( curl https://192.168.3.7 ), i see in (#debug filter) only one incoming tcp connection (SYN package).

What is wrong?

dej
New Contributor
Posts: 3
Registered: ‎02-04-2015

Re: ADX 1000 SSL SLB problem

[ Edited ]

Hello,

 

One issue you may have is that you do not have source nat enabled.  Review the link below for additional information.

 

"Source NAT configuration is useful where a ServerIron is connected in one-armed mode"

 

http://www.brocade.com/support/Product_Manuals/ServerIron_SLBGuide/slb.2.10.html

 

 

*edit*

Also, another change you may need is technically the servers are real, not remote.  The command "lb-pri-servers" may be unneeded as well since you are not using a mix of real and remote servers or utilizing primary/backup server configuration.

 

http://www.brocade.com/support/Product_Manuals/ServerIron_SLBGuide/slb.2.23.html

 

Thank you,

 

-D

 

***Disclaimer: The above information is only advice.  Please review and test any configurations you apply to your environment.***

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.