11-16
Catalyst 6500 Series Content Switching Module Configuration Note
OL-4612-01
Chapter 11 Configuring Firewall Load Balancing
Configuring Regular Firewall Load Balancing
Configuring Regular Firewall Load Balancing
This section describes how to configure firewall load balancing for regular firewalls and provides the
following information:
• Packet Flow in a Regular Firewall Configuration, page 11-16
• Regular Firewall Configuration Example, page 11-17
Packet Flow in a Regular Firewall Configuration
In a regular firewall configuration, firewalls connect to two different VLANs and are configured with IP
addresses on the VLANs to which they connect. (See Figure 11-7.)
Step 17
Switch-B(config-slb-vserver)# serverfarm
TO-OUTSIDE-SF
Specifies the server farm for this virtual server
(containing the alias IP addresses of CSM A as real
servers and allowing traffic to flow through
Firewalls 1 and 2) and enters real server
configuration submode.
Step 18
Switch-B(config-slb-vserver)# inservice
Enables the virtual server.
Step 19
Switch-B(config-slb-vserver)# exit
Returns to multiple module configuration mode.
Step 20
Switch-B(config-module-csm)# vserver
TELNET-VS
Specifies TELNET-VS
5
as the virtual server that is
being configured and enters virtual server
configuration mode.
Note TELNET-VS does not use a VLAN limit;
any source traffic (from firewalls or internal
network) will be load balanced through this
address.
Step 21
Switch-B(config-slb-vserver)# virtual
10.1.0.200 255.255.255.0 tcp telnet
Specifies the IP address, netmask, protocol (TCP),
and port (Telnet) for this virtual server
6
.
Step 22
Switch-B(config-slb-vserver)# serverfarm
SERVERS-SF
Specifies the server farm containing real servers for
this virtual server.
Step 23
Switch-B(config-slb-vserver)# inservice
Enables the virtual server.
1. Client matching is only limited by VLAN restrictions.
2. This server farm is actually a forwarding predictor rather than an actual server farm containing real servers.
3. FORWARD-VS allows traffic from the Internet to reach the intranet through VLAN 20.
4. INSIDE-VS allows traffic from the intranet to reach CSM A through Firewall 1 (through VLANs 102 and 101) or
Firewall 2 (through VLANs 104 and 103).
5. TELNET-VS allows traffic from the Internet to reach Telnet servers in the internal network.
6. Clients reach the server farm represented by this virtual server through this address.
Command Purpose
To Next Page
Loading...
