Your physical setup is the problem. You have three options to make this
work.
1) Plug the servers directly into local director, using crossover cables.
2) Buy a new switch and plug it into the local director, and the servers
into it.
3) Create a new VLAN on the switch for the servers and LD, but you need a
L3 device to handle the VLAN routing.
Your packets/frames are getting mixed up because return traffic isn't coming
back through the local director. According to your config (no ping-allow
x), your shouldn't be able to ping your real servers.
Hope this works out for you.
Jeff
""Pushkar Shirolkar"" <[EMAIL PROTECTED]> wrote in message
8pb61i$qbm$[EMAIL PROTECTED]">news:8pb61i$qbm$[EMAIL PROTECTED]...
> hi,
>
> i can ping the servers from the PIX , but not the virtual IP ... the
servers
> are not directly plugged in the LD .. there is a common switch for the LD
> interface,the PIX internal interface and the servers as they all are in
the
> sane network. one thing i want is that should i plug in one more interface
> of the LD in the same network as right now i have only one interface into
> this network.
>
> regds
> Pushkar
>
> "Jeffrey Eiber" <[EMAIL PROTECTED]> wrote in message
> news:8pb024$fo2$[EMAIL PROTECTED]...
> > I didn't notice anything obviously wrong with your config. This may
sound
> > obvious, but the LD uses a regular old NIC. If your servers are plugged
> > directly into the LD, you must use a crossover cable. For
troubleshooting
> > only, allow any port to pass through the local director. Then lock it
> down
> > to 80/443 after everything is working. Try ping your servers from the
LD,
> > and try to ping the LD from the PIX DMZ interface. Do a 'show real' and
> > 'show virtual' to get some better info than the config.
> >
> > Let me know how you do from here.
> >
> > Jeff
> >
> > ""Pushkar Shirolkar"" <[EMAIL PROTECTED]> wrote in message
> > 8p97ca$mco$[EMAIL PROTECTED]">news:8p97ca$mco$[EMAIL PROTECTED]...
> > > hi friends,
> > > i have a strange prob. i have a cisco load director 416 ... and have a
> > very
> > > simple config. i have a firewall whose one interface is to the
internet
> > and
> > > one to the internal n/w ... as usual .. nothing diff. ..... and
inside
> on
> > > the n/w i have one load director and 2 web servers which i want to
load
> > > balance ...
> > >
> > > i have natted the virtual IP in the firewall to a public IP .. and
> opened
> > > port 80 for incoming hits .... now this virtual IP is bound to the 2
web
> > > servers ...
> > >
> > > but the prob is that i donot get any inbound connections from outside
..
> > > also when i tried to telnet to port 80 of the virtual IP from inside
> also
> > ..
> > > i'm unable to do so ...
> > >
> > > also i have connected only one ethernet cable from the first ethernet
> > > interface on the LAN .. do i have to connect another cable from the
> second
> > > interface even though they are in the same n/w ??
> > >
> > > please can anyone help out ... this is ans SOS situation ..
> > > the config file is below .. please take a look ...
> > >
> > > Pushkar
> > > ---------------------------------------------------
> > > : Saved
> > > : LocalDirector 416 Version 3.1.4
> > > syslog output 20.3
> > > no syslog console
> > > enable password 4d9b64f9ab66474af34252545443b8 encrypted
> > > hostname web_ld
> > > no shutdown ethernet 0
> > > no shutdown ethernet 1
> > > shutdown ethernet 2
> > > interface ethernet 0 auto
> > > interface ethernet 1 auto
> > > interface ethernet 2 auto
> > > mtu 0 1500
> > > mtu 1 1500
> > > mtu 2 1500
> > > multiring all
> > > no secure 0
> > > no secure 1
> > > no secure 2
> > > no ping-allow 0
> > > no ping-allow 1
> > > no ping-allow 2
> > > ip address 172.16.0.254 255.255.255.0
> > > no rip passive
> > > rip version 1
> > > failover ip address 0.0.0.0
> > > no failover
> > > password cisco
> > > snmp-server enable traps
> > > no snmp-server contact
> > > no snmp-server location
> > > virtual 172.16.0.253:80:0:tcp is
> > > virtual 172.16.0.253:443:0:tcp is
> > > real 172.16.0.4:80:0:tcp is
> > > real 172.16.0.10:80:0:tcp is
> > > name 172.16.0.4 web1
> > > name 172.16.0.10 web2
> > > name 172.16.0.253 domain
> > > bind 172.16.0.253:80:0:tcp 172.16.0.4:80:0:tcp
> > > bind 172.16.0.253:80:0:tcp 172.16.0.10:80:0:tcp
> > > : end
> > >
> > >
> > > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > > http://www.groupstudy.com/list/Associate-Announcement.html
> > > _________________________________
> > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > http://www.groupstudy.com/list/Associate-Announcement.html
> > _________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associate-Announcement.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associate-Announcement.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
