01-10-2024 08:02 AM
Hi
I have an issue to contact the VIP of our Microsoft NLB.
We have a cluster of 2 PA-1410 (active/passive). On this cluster, I configured interface aggregate with sub-interfaces with ID vlan (ex :vlan10, vlan 50, vlan193..). Each IP of the interface VLAN is the gateway configured on my servers.
On the VLAN193, I have 2 Windows servers with NLB installed. On CLI on the FW, I'm able to ping the real IP of the NLB and the VIP when the source IP for the ping is the vlan interface of vlan10 or interface vlan50 or interface vlan193. From remote sites who access to the NLB via VPN Ipsec tunnel configured on the PA, I can ping the VIP. But from servers hosted on vlan10 or vlan50, I'm able to ping real IP but not the VIP. And there is no policy rule who dropped the trafic.
Do you have an idea why I'm able to ping the VIP from all VLAN interface configured on the PA or from remote site via the VPN and not from servers hosted on the other vlan than NLB is hosted ?
BR
08-12-2024 01:46 AM
Adan_Mora is correct. The reason why you can also find on microsoft website.
I would accept adan_mora as solutioin.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
