RE: complex nat server load-balancing issue

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Mon May 19 2008 - 01:38:03 ART


Wow! Nat pool config mode!!!

You're the man

;)

Thank you!!!

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomas Fowles
Sent: Sunday, May 18, 2008 11:30 PM
To: Joseph Brunner
Cc: Cisco certification
Subject: Re: complex nat server load-balancing issue

Sorry ... left off the rotary type:

ip nat pool webmailservers prefix-length 24 type rotary
  address 192.168.2.50 192.168.2.50
  address 192.168.2.52 192.168.2.52

-Tom
CCIE#18762

http://www.linkedin.com/in/thomasfowles

On Sun, May 18, 2008 at 10:50 PM, Thomas Fowles <tfowles@gmail.com> wrote:

> Joe-
>
> Try setting up your NAT pool like this:
>
> ip nat pool webmailservers prefix-length 24
> address 192.168.2.50 192.168.2.50
> address 192.168.2.52 192.168.2.52
>
> HTH
>
> -Tom
> CCIE#18762
>
> http://www.linkedin.com/in/thomasfowles
>
>
>
> On Sun, May 18, 2008 at 6:40 PM, Joseph Brunner <joe@affirmedsystems.com>
> wrote:
>
>> Good afternoon,
>>
>> I was working on a project that required one dns A record/one public ip
>> address reach 2 different servers in the dmz using private ip addresses.
>>
>> I reached for IOS SLB to handle this request, but much to my shock it has
>> been removed from IOS on the ISR's.
>>
>> Does any one know why Cisco removed the IOS SLB feature from the ISR's?
>>
>> I decided to use the nat rotary pool feature to solve this issue, however
>> the servers do not use consecutive ip addresses on the dmz private ip
>> space.
>>
>> The servers are 192.168.2.50 & 192.168.2.52, respectively;
>>
>> I created the nat rotary pool to be 192.168.2.50 - 192.168.2.52. My
>> question is since 192.168.2.51 does not EXIST how can I prevent
>> connections to the public external referenced in the
>> "ip nat inside destination <ACL> from trying 192.168.2.51???
>>
>> Here are the relevant config lines.
>>
>> interface Vlan20
>>  description PAETEC_INTERNET
>>  ip address 64.212.78.2 255.255.255.128
>>  ip nat outside
>>  ip virtual-reassembly
>>
>> interface Vlan15
>>  description DMZ_NETWORK
>>  ip address 192.168.2.1 255.255.255.0
>>  ip nat inside
>>  ip virtual-reassembly
>>
>> ip access-list standard webmailonpaetec
>>  permit 64.212.78.10
>>
>> ip nat pool webmailservers 192.168.2.50 192.168.2.52 prefix-length 24 type rotary
>>
>> ip nat inside destination list webmailonpaetec pool webmailservers
>>
>> Thank you,
>>
>> Joe
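
An added example, not part of the original thread: a small Python audit that expands `ip nat pool` definitions in both forms quoted above (single contiguous range, and pool config mode with `address` lines) and lists rotary pool members that have no server behind them. The pool lines are taken from the thread; `LIVE_SERVERS` and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configs built from the two pool forms quoted in the thread.
CONTIGUOUS = """\
ip nat pool webmailservers 192.168.2.50 192.168.2.52 prefix-length 24 type rotary
ip nat inside destination list webmailonpaetec pool webmailservers
"""
DISCONTIGUOUS = """\
ip nat pool webmailservers prefix-length 24 type rotary
  address 192.168.2.50 192.168.2.50
  address 192.168.2.52 192.168.2.52
ip nat inside destination list webmailonpaetec pool webmailservers
"""
LIVE_SERVERS = {"192.168.2.50", "192.168.2.52"}  # assumed inventory of real DMZ hosts

POOL_RE = re.compile(r"^ip nat pool (\S+)(?: (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+))?(.*)$")
ADDR_RE = re.compile(r"^\s+address (\S+) (\S+)\s*$")

def expand(start, end):
    """Return every address in the inclusive range start..end as strings."""
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if hi < lo:
        raise ValueError(f"range end {end} is below start {start}")
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]

def parse_pools(config):
    """Map pool name -> {'rotary': bool, 'members': [addresses]} for both pool forms."""
    pools, current = {}, None
    for line in config.splitlines():
        head = POOL_RE.match(line)
        if head:
            name, start, end, rest = head.groups()
            current = pools[name] = {"rotary": "type rotary" in rest, "members": []}
            if start:  # single-line form: one contiguous range
                current["members"] += expand(start, end)
            continue
        addr = ADDR_RE.match(line)
        if addr and current is not None:  # pool config mode: one range per address line
            current["members"] += expand(*addr.groups())
        elif not line.startswith(" "):
            current = None  # an unindented line ends pool config mode
    return pools

def dead_members(config, live):
    """Return {pool: [members with no live server behind them]} for rotary pools."""
    return {name: [m for m in p["members"] if m not in live]
            for name, p in parse_pools(config).items() if p["rotary"]}
```

Run against the contiguous pool, `dead_members` reports 192.168.2.51; against the pool config mode version it reports nothing.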



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:17 ART