Re: complex nat server load-balancing issue

From: Thomas Fowles (tfowles@gmail.com)
Date: Sun May 18 2008 - 23:50:01 ART

• Next message: sathappan sathappan: "Re: private vlan"
• Previous message: Chris Zhang: "Re: security track lab equipment"
• Maybe in reply to: Joseph Brunner: "complex nat server load-balancing issue"
• Next in thread: Thomas Fowles: "Re: complex nat server load-balancing issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Joe-

Try setting up your NAT pool like this:

ip nat pool webmailservers prefix-length 24
  address 192.168.2.50 192.168.2.50
  address 192.168.2.52 192.168.2.52

HTH

-Tom
CCIE#18762

http://www.linkedin.com/in/thomasfowles

On Sun, May 18, 2008 at 6:40 PM, Joseph Brunner <joe@affirmedsystems.com>
wrote:

> Good afternoon,
>
>
>
> I was working on a project that required one dns A record/one public ip
> address reach 2 different servers in the dmz using private ip addresses.
>
> I reached for IOS SLB to handle this request, but much to my shock it has
> been removed from IOS on the ISR's.
>
>
>
> Does any one know why Cisco removed the IOS SLB feature from the ISR's?
>
>
>
> I decided to use the nat rotary pool feature to solve this issue, however
> the servers do not use consecutive ip addresses on the dmz private ip
> space.
>
>
>
> The servers are 192.168.2.50 & 192.168.2.52, respectively;
>
>
>
> I created the nat rotary pool to be 192.168.2.50 - 192.168.2.52. My
> question
> is since 192.168.2.51 does not EXIST how can I prevent connections to the
> public external
>
> referenced in the "ip nat inside destination <ACL> from trying
> 192.168.2.51???
>
>
>
> Here are the relevant config lines.
>
>
>
>
>
>
>
> interface Vlan20
>
> description PAETEC_INTERNET
>
> ip address 64.212.78.2 255.255.255.128
>
> ip nat outside
>
> ip virtual-reassembly
>
>
>
> interface Vlan15
>
> description DMZ_NETWORK
>
> ip address 192.168.2.1 255.255.255.0
>
> ip nat inside
>
> ip virtual-reassembly
>
>
>
> ip access-list standard webmailonpaetec
>
> permit 64.212.78.10
>
>
>
> ip nat pool webmailservers 192.168.2.50 192.168.2.52 prefix-length 24 type
> rotary
>
>
>
> ip nat inside destination list webmailonpaetec pool webmailservers
>
>
>
>
>
>
>
> Thank you,
>
>
>
> Joe
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: sathappan sathappan: "Re: private vlan"
• Previous message: Chris Zhang: "Re: security track lab equipment"
• Maybe in reply to: Joseph Brunner: "complex nat server load-balancing issue"
• Next in thread: Thomas Fowles: "Re: complex nat server load-balancing issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:17 ART