From: Jason Brown (jasbrown@gmail.com)
Date: Thu Jun 01 2006 - 19:00:16 ART
This all really depends on your setup...
Most likely:
1 - You need to static the VIP on the CSM to a public address (on the FWSM);
this will allow the server to be accessed from the internet.
Now the server-initiated traffic is another thing. If you don't need the
server traffic to be seen as the same IP address as the VIP, then you just do
a global forward vserver on the CSM defined as predictor forward and then
just have a nat / global on the FWSM for it to go out.
2 - If the server is, say, an email server and needs to be seen as the same IP
address as the VIP, and the VIP is a public address, then you need to define
in the CSM that the server-initiated traffic is "static nat'd".
Example 1 -
FWSM
  static (inside,outside) 200.200.200.200 192.168.100.20 netmask 255.255.255.255
  nat (inside) 1 192.168.100.0 255.255.255.0
  global (outside) 1 200.200.200.254
CSM
  serverfarm FORWARD
    no nat server
    no nat client
    predictor forward
  vserver GLOBAL
    virtual 0.0.0.0 0.0.0.0 any
    serverfarm FORWARD
    persistent rebalance
    no inservice
Example 2 -
FWSM
  static (inside,outside) 200.200.200.200 200.200.200.200 netmask 255.255.255.255
CSM
  static nat 200.200.200.200
    real 192.168.100.20
  serverfarm FORWARD
    no nat server
    no nat client
    predictor forward
  vserver GLOBAL
    virtual 0.0.0.0 0.0.0.0 any
    serverfarm FORWARD
    persistent rebalance
    no inservice
HTH
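
An added example (not part of the original message): a small Python model of the two translation paths above, showing which source address the internet sees for server-initiated traffic in Example 1 versus Example 2. Assumptions: the CSM translation is applied before the FWSM, a FWSM static entry is matched before dynamic nat/global, and 192.168.100.21 is a constructed address for a real server in Example 1.

```python
import ipaddress

# FWSM lines from Example 1 and Example 2 of the message.
FWSM_EX1 = """\
static (inside,outside) 200.200.200.200 192.168.100.20 netmask 255.255.255.255
nat (inside) 1 192.168.100.0 255.255.255.0
global (outside) 1 200.200.200.254
"""
FWSM_EX2 = (
    "static (inside,outside) 200.200.200.200 200.200.200.200 "
    "netmask 255.255.255.255\n"
)
# CSM "static nat" / "real" pair from Example 2: real address -> NAT address.
CSM_EX2 = {"192.168.100.20": "200.200.200.200"}


def parse_fwsm(text):
    """Return (statics, nats, globals) parsed from the FWSM lines above."""
    statics, nats, globals_ = {}, [], {}
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "static":      # static (in,out) <mapped> <real> netmask <m>
            statics[tok[3]] = tok[2]
        elif tok[0] == "nat":       # nat (if) <id> <network> <mask>
            nats.append((tok[2], ipaddress.ip_network(f"{tok[3]}/{tok[4]}")))
        elif tok[0] == "global":    # global (if) <id> <address>
            globals_[tok[2]] = tok[3]
    return statics, nats, globals_


def outside_source(src, fwsm_text, csm_static=None):
    """Source address seen on the outside for traffic initiated by `src`."""
    # Step 1 (assumed order): the CSM rewrites the source if static nat matches.
    src = (csm_static or {}).get(src, src)
    statics, nats, globals_ = parse_fwsm(fwsm_text)
    # Step 2: a one-to-one static is matched before the dynamic nat/global pair.
    if src in statics:
        return statics[src]
    for nat_id, net in nats:
        if ipaddress.ip_address(src) in net and nat_id in globals_:
            return globals_[nat_id]
    return None  # no matching translation in the lines given
```

For a mail server this is the address that reverse DNS and SPF records have to match: the shared global address in Example 1, the VIP address in Example 2.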