cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 1

Proxy HA with 2 legs

Hi,

Does anyone have some experience with proxy in HA with two legs? One leg to clients and second leg to internet?

If my assumption is correct the config. is same like with normal proxy HA, but it needs also static routes so that the traffic is returned to clients and not leaves to def. gw., right?

I have one environment where I deployed the proxy like this, but customer is complaining, that the connection is slow and some appliacations transactions are failling with timeout(or whatever...). So I made some pcaps and such and although I've seen some resets on the scanning node, those were usually following after e.g. FIN,ACK, so not really that bad, the packets looked quite fine.

So I tried to simulate it in my testlab, made similar configuration(just different networks) and when I made pcap on the director node with static routes, it looks quite weird, like following (192.168.21.56 is client, 192.168.21.154 is the VIP):

pcap_director_with_static.JPG

After that I thought that I could check how it looks like when there are no static routes, and the pcap on director looked much better:

pcap_director_without_static.JPG

With that, I'm now thinking if this is intended behaviour or if we can't use the proxyHA with two legs or I just messed up something 🙂

 

Apreciate any comments/sarcastic remarks 🙂

 

Best regards

Ales

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community