If I have two webservers with private IP address, like 192.168.10.151 and 192.168.10.152 and they are hooked into a dell 3548 and then a cable goes from the 3548 to CSS on e8 which is VLAN 1. How do I get those to be accessed by a public IP address?
Do I make the VIP a private IP or public IP? If i make it private how do I route traffic to those private IPs? This is probably hard to understand as it is more in depth than just this. I have a diagram but i am not sure how to post it for viewing. Can someone help.
The easiest solution is to make the vip a public ip.
You could also use a private ip if you have a gateway or a firewall upstream to do the nating.
Ok, and I have done that, but I guess its a little more in depth than that. I have two dell 3548's in a Rapid spanning tree mode, each of the 24 ports on each switch is split into 2 VLANS one for the public IP range of 192.168.10.x and the other 24 ports setup for the public IP range of 209.172.156.x
So the webservers are private IP's and are plugged into the 3548's VLAN for the Private IP range, then a cable goes to the CSS on a vlan setup with an IP interface of 192.168.10.254, with a VIP of 209.172.156.x, and services (WEBSERVERS) of 192.168.10.x.
Then I want to create another vlan on the CSS that has an IP interface of 209.172.156.x and plug a cable from that VLAN port on the CSS to 3548's VLAN for the Public IP range of 209.172.156.x, then a cable would go from that VLAN with Public IP Range on the 3548 to another device (PIX515)
Does this make sense to you?
So the question is...
When traffic comes in off the pix to the 209.172.156.x range how do we get the requests to get to the webservers?
Or I am making this way to complicated?
Your design is the standard solution.
The pix will send an arp request for the vip address in the range 209.172.156.x.
The CSS will answer the arp request with its own mac-address.
The pix then forward the traffic to the CSS.
The CSS will receive it and make a loadbalancing decision to select one of the webserver. It then nat vip address with the server address and forwards the traffic.
The webserver does get the traffic.
The response will be sent back to the default gateway whih should be the css private address.
The CSS will receive the response, perform the revserse nating and forward the traffic to its gateway which should be the pix.
Easy. Simple. Clear.
So having two vlans on the CSS and on the Dell 3548's is ok? And you did fully understand what I am trying to accomplish correct? Do I have to enable VLAN routing on the CSS so that the Public Vlan and Private Vlan can pass packets back and forth?