Question : Win2K3 NLB works on the LAN but not from outside the Pix

Hey,  this is killing me.  I have 2 win2k3 machines set up and an NLB cluster configured on them.  For the sake of this email, web1 (10.1.1.10) and web2 (10.1.1.11) clustered at cluster1 (10.1.1.12.)  I have NLB set up as a web farm, and the machines are in single NIC unicast mode as I've read this is the most router firendly configuration.  Everything works fine internally:  I can hit web1, web2, cluster1, and do so over http over https.  I just can't hit it from outside the firewall.

I have a static mapping on my Pix between the cluster's virtual IP and an external IP, with a conduit permit statement on SSL traffic.  I can ping the cluster by name and IP from outside, but I'me getting "Page not found" 404 errors, when I attempt to browse to it.  In troubleshooting, I read somewhere that I need a static ARP alias on the Pix so the virtual IP gets mapped to the virtual MAC address.  I've done this as well, no dice.

Both machines and the internal interface of the Pix are connected to a Baystack 450-24T switch.  Since the NLB is working properly on the LAN, I really don't think it's the switch--nonetheless I checked the MAC table on the switch and the proper virtual MACs are being applied to the switch (same as the virtual MAC, except the second sextet is substituted with NLB priority.)

Thanks in advance.

--greg

Answer : Win2K3 NLB works on the LAN but not from outside the Pix

PAQed with no points refunded (of 500)

modulo
Community Support Moderator
Random Solutions  
 
programming4us programming4us