Re: Another NAT problem

From: Nigel Taylor (nigel_taylor@hotmail.com)
Date: Sat Nov 02 2002 - 21:11:49 GMT-3

Hunt,
          I believe you're referring to this IOS SLB which seems to specific
to the newer Cat4xxx and 65xx products. I couldn't find anything that
suggest this could be done with NAT on a standard (2500) model router.

Here's the link I'm referring too... watch the line wrap.

http://www.cisco.com/en/US/customer/products/hw/switches/ps708/products_whit
e_paper09186a00800924fd.shtml

Also, based your router config there isn't anything to binding the "virtual
address" you mention to the NAT implementation. Also, there's nothing
that's telling routerB(short of using a static route) to forward packets for
the 100.x.x.x network to routerA.

I'm really lost on what it is you're trying to do?

Nigel

----- Original Message -----
From: "Hunt Lee" <ciscoforme3@yahoo.com.au>
To: "Nigel Taylor" <nigel_taylor@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Saturday, November 02, 2002 6:29 PM
Subject: Re: Another NAT problem

> Hi Nigel,
>
> I'm trying to use the TCP load balancing feature of NAT. So from the
outside
> there appears to be a single server at the Internal Global address
> (100.20.1.1). And in reality, the router (RTA) is configured to perform
> round-robin NAT translation to the three Internal Local IPs (192.168.1.2,
> 192.168.1.3 & 192.168.1.4).
>
> According to CCO http://www.cisco.com/warp/customer/556/5.html , for
outside to
> inside, NAT should always take place before routing.
>
> However, from my test lab, I couldn't get the RTA to translate the packets
when
> outside hosts are trying to reach 100.20.1.1... don't know why.
>
> RTB#ping 100.20.1.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 100.20.1.1, timeout is 2 seconds:
> U.U.U
> Success rate is 0 percent (0/5)
> RTB#
>
>
> RTA#sh ip nat translations
>
> RTA#
>
>
> Regards,
> H.
>
>
> --- Nigel Taylor <nigel_taylor@hotmail.com> wrote: > Hunt,
> > I'm a bit lost on what exactly it is you're trying to
accomplish?
> > I understand that you have 3 servers with mirrored content and I'm
guessing
> > you would like users to access any of the three devices as requested. I
> > don't see how NAT will help you out in this situation. If you use a
static
> > mapping then you'll have to define a different "virtual IP" for each
device.
> > However, if you use port mapping then the ports will be unique(unless
> > statically defines). Why not simply define the 3 servers in DNS this
way
> > the hostname(URL) resolves to any of the 3 servers. Additionally, you
could
> > opt for one of the content switches form Cisco, foundry, etc...
> >
> > HTH
> >
> > Nigel
> >
> > ----- Original Message -----
> > From: "Hunt Lee" <ciscoforme3@yahoo.com.au>
> > To: <ccielab@groupstudy.com>
> > Sent: Saturday, November 02, 2002 6:25 AM
> > Subject: Another NAT problem
> >
> >
> > > Group,
> > >
> > > I have run into another NAT problem. This time, what I'm trying to
> > achieve is
> > > that I have 3 servers with mirrored content, & I want to create a
"virtual
> > > server" with an IP of 100.20.1.1
> > >
> > > ServerA (192.168.1.2/24)
> > > \
> > > ServerB (192.168.1.3/24)- RTA ---- RTB (207.35.14.81 /30)
> > > /
> > > ServerC (192.168.1.4/24)
> > >
> > > But when I tried to ping the Virtual IP from RTB, no NAT translation
is
> > taking
> > > place, and hence the ping is unsucessful.
> > >
> > >
> > > here's RTA config...
> > >
> > > interface FastEthernet0/0
> > > description Inside NAT - to the 3 servers
> > > ip address 192.168.1.1 255.255.255.0
> > > ip nat inside
> > > no ip route-cache
> > > no ip mroute-cache
> > > duplex auto
> > > speed auto
> > > !
> > > interface Serial0/0
> > > description to Outside - to RTB
> > > ip address 207.35.14.82 255.255.255.252
> > > ip nat outside
> > > no ip route-cache
> > > no ip mroute-cache
> > > clockrate 64000
> > >
> > >
> > > ip nat pool PoolOne 192.168.1.2 192.168.1.4 prefix-length 24 type
rotary
> > > ip nat inside destination list 5 pool PoolOne
> > >
> > > access-list 5 permit 100.20.1.1
> > >
> > >
> > > ****** I can ping fine to the Internal local IPs of the 3 servers
*****
> > >
> > > RTB#ping 192.168.1.2
> > >
> > > Type escape sequence to abort.
> > > Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
> > > !!!!!
> > > Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36
ms
> > > RTB#ping 192.168.1.3
> > >
> > > Type escape sequence to abort.
> > > Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
> > > !!!!!
> > > Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36
ms
> > > RTB#
> > >
> > >
> > >
> > > **** but when I try to ping the Virtual IP, nothing happens ****
> > >
> > > RTB#ping 100.20.1.1
> > >
> > > Type escape sequence to abort.
> > > Sending 5, 100-byte ICMP Echos to 100.20.1.1, timeout is 2 seconds:
> > > U.U.U
> > > Success rate is 0 percent (0/5)
> > > RTB#
> > >
> > >
> > > RTA#sh ip nat translations
> > >
> > > RTA#
> > >
> > > Any help will be greatly appreciated.
> > >
> > > Regards,
> > > H.
> > >
> > > http://careers.yahoo.com.au - Yahoo! Careers
> > > - 1,000's of jobs waiting online for you!
>
> http://careers.yahoo.com.au - Yahoo! Careers
> - 1,000's of jobs waiting online for you!

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:51 GMT-3