From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun May 18 2008 - 19:40:34 ART
Good afternoon,
I was working on a project that required one DNS A record/one public IP
address to reach 2 different servers in the DMZ using private IP addresses.
I reached for IOS SLB to handle this request, but much to my shock it has
been removed from IOS on the ISRs.
Does anyone know why Cisco removed the IOS SLB feature from the ISRs?
I decided to use the NAT rotary pool feature to solve this issue; however,
the servers do not use consecutive IP addresses in the DMZ private IP space.
The servers are 192.168.2.50 & 192.168.2.52, respectively.
I created the NAT rotary pool to be 192.168.2.50 - 192.168.2.52. My question
is: since 192.168.2.51 does not EXIST, how can I prevent connections to the
public external address referenced in the "ip nat inside destination" <ACL>
from trying 192.168.2.51?
Here are the relevant config lines.
interface Vlan20
 description PAETEC_INTERNET
 ip address 64.212.78.2 255.255.255.128
 ip nat outside
 ip virtual-reassembly
!
interface Vlan15
 description DMZ_NETWORK
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip access-list standard webmailonpaetec
 permit 64.212.78.10
!
ip nat pool webmailservers 192.168.2.50 192.168.2.52 prefix-length 24 type rotary
ip nat inside destination list webmailonpaetec pool webmailservers
Thank you,
Joe
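
Added example, not part of the original post: IOS lets a NAT pool be defined without a start/end pair and then populated with "address" sub-commands, so the rotary pool can list only the two live servers and leave out 192.168.2.51. It reuses the pool and ACL names from the post and assumes the IOS release on the ISR accepts the sub-command form together with "type rotary".

```ios
! Added example: rotary pool restricted to the two real DMZ servers.
! If IOS reports the pool is in use, run "clear ip nat translation *"
! from exec mode before removing it.
no ip nat inside destination list webmailonpaetec pool webmailservers
no ip nat pool webmailservers
!
! Define the pool with no start/end pair, then add one single-address
! range per server so 192.168.2.51 is never a rotary member.
ip nat pool webmailservers prefix-length 24 type rotary
 address 192.168.2.50 192.168.2.50
 address 192.168.2.52 192.168.2.52
!
! Re-bind the public address (ACL webmailonpaetec) to the rebuilt pool.
ip nat inside destination list webmailonpaetec pool webmailservers
!
! Verify from exec mode that new TCP connections to 64.212.78.10
! alternate between .50 and .52 only:
!   show ip nat translations
```

Rotary destination translation only distributes new TCP connections, and it does not health-check the servers, so a pool member that is down still receives its share of connections.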