[f-nsp] ServerIron XL config help

Ryan DeBerry rdeberry at gmail.com
Fri Feb 24 13:44:37 EST 2006 

I have two servers that I need to load-balance smtp, http, ssl.  I need to
do this with two VIP's.  The first one is from the outside  and the second
one is to the inside from the DMZ.  Here is the topology.

Internet ---> outside subnet where VIP and two reals sit.

then on the same SIXL I need another vip for dmz to inside

DMZ ( where VIP is) ----> to inside where reals are.

Here is what I have so for which is not working, I have the real server
default GW for the Z network pointing to ve 20.

server real owa1 z.z.z.248
 port http
 port ssl
 port ssl keepalive
 port smtp
 port smtp keepalive
!
server real owa2 z.z.z.249
 port http
 port ssl
 port ssl keepalive
 port smtp
 port smtp keepalive

!
server real owa1-inside x.x.x.100
 port http
 port ssl
 port ssl keepalive
 port smtp
 port smtp keepalive

!
server real owa2-inside x.x.x.101
 port http
 port ssl
 port ssl keepalive
 port smtp
 port smtp keepalive

!
!
server virtual owa z.z.z.200
 predictor least-conn
 port ssl sticky
 port ssl keep-alive
 port http sticky
 port http keep-alive
 port smtp sticky concurrent
 port smtp keep-alive
 bind ssl owa2 ssl owa1 ssl
 bind http owa1 http owa2 http
 bind smtp owa1 smtp owa2 smtp
!
server virtual owa-inside y.y.y.100
 port smtp sticky concurrent
 port smtp keep-alive
 port http sticky
 port http keep-alive
 port ssl sticky
 port ssl keep-alive
 bind smtp owa1-inside smtp owa2-inside smtp
 bind http owa1-inside http owa2-inside http
 bind ssl owa1-inside ssl owa2-inside ssl

vlan2 by port
untagged ethe 1 to 8
no spanning-tree
  router-interface ve 2
!
vlan 30 by port
 untagged ethe 9 to 16
 no spanning-tree
  router-interface ve 20
!

interface e 1
 speed-duplex 100-full
!
interface e 2
 speed-duplex 100-full
!
interface e 3
 speed-duplex 100-full
!
interface e 4
 speed-duplex 100-full
!
interface e 5
 speed-duplex 100-full
!
interface e 6
 speed-duplex 100-full
!
interface e 7
 speed-duplex 100-full
!
interface e 8
 speed-duplex 100-full
!
interface e 9
 speed-duplex 100-full
!
interface e 10
 speed-duplex 100-full
!
interface e 11
 speed-duplex 100-full
!
interface e 12
 speed-duplex 100-full
!
interface e 13
 speed-duplex 100-full
!
interface e 14
 speed-duplex 100-full
!
interface e 15
 speed-duplex 100-full
!
interface e 16
 speed-duplex 100-full
!
!
interface ve 2
 ip address y.y.y.101 subnet
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface ve 20
 ip address z.z.z.254 subnet
!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20060224/e9653c17/attachment.html>

More information about the foundry-nsp mailing list