
CSM in bridge mode, servers accessed from the server and client vlan

pascal_parrot
Level 1

Hi,

In the scenario where the CSM is in bridge mode,

servers in group1 are in vlan 100

servers in group2 are in vlan 100

The client vlan is 200

The requirement is that the servers in group1 have to be accessed from an external network and from group2 (source NAT) and load-balanced. Which of the following options works?

1) option1

Policy is configured with one default serverfarm. One virtual server only is created. 2 serverfarms are used until we upgrade to 4.2 (nat client in the policy).

Is the traffic coming from the servers in group2 seen as coming from vlan100 (and dropped, because of "vlan 200" under vserver)? or does the CSM allow this traffic because it is coming from the servers?

    vserver group1
     virtual 10.1.1.1 tcp any
     vlan 200
     serverfarm group1
     slb-policy group1_NAT
    !
    serverfarm group1
     nat server
     no nat client
     real name server1_group1
     real name server2_group1
    !
    serverfarm group1_NAT
     nat server
     nat client group1_NATPOOL
     real name server1_group1
     real name server2_group1
    !
    policy group1_NAT
     client-group allowVlan100_ACL
     serverfarm group1_NAT

2) option 2

Policy is configured. No default serverfarm. The vlan information is different (100 and 200) but the vservers use the same virtual IP.

    vserver group1_1
     virtual 10.1.1.1 tcp any
     vlan 200
     slb-policy group1
    !
    vserver group1_2
     virtual 10.1.1.1 tcp any
     vlan 100
     slb-policy group1_NAT
    !
    serverfarm group1
     nat server
     no nat client
     real name server1_group1
     real name server2_group1
    !
    serverfarm group1_NAT
     nat server
     nat client group1_NATPOOL
     real name server1_group1
     real name server2_group1
    !
    policy group1
     client-group allowAnybodyBut100_ACL
     serverfarm group1
    !
    policy group1_NAT
     client-group allowVlan100_ACL
     serverfarm group1_NAT
    !

Thanks,

Best regards,

Pascal


Gilles Dufour
Cisco Employee

Pascal,

If you specify a vlan under a vserver, the CSM will match only traffic coming from this vlan.

So, option #1 will not work because the servers' traffic comes from vlan 100, which is not vlan 200 as configured.

Option #2 should work.

Gilles.
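
The matching rule from the reply, applied to both options as a small Python model (an added example, not part of the thread and not CSM code). The ACL contents, the group2 address range and the client address are not shown in the thread and are constructed here as assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

VIP = "10.1.1.1"
# Constructed: the thread does not show the ACL contents or server addresses.
GROUP2_NET = ip_network("10.1.1.32/28")   # assumed range of the group2 servers
ACLS = {
    "allowVlan100_ACL": lambda src: src in GROUP2_NET,
    "allowAnybodyBut100_ACL": lambda src: src not in GROUP2_NET,
}
# Whether each serverfarm from the thread applies "nat client".
FARM_CLIENT_NAT = {"group1": False, "group1_NAT": True}

@dataclass
class VServer:
    name: str
    vlan: int
    policies: list                      # [(client-group ACL, serverfarm)]
    default_farm: Optional[str] = None

def select(vservers, in_vlan, src, dst=VIP):
    """Return (vserver, serverfarm, client_nat), or None when nothing matches."""
    src = ip_address(src)
    for vs in vservers:
        # Rule from the reply: a vserver with a vlan matches only that vlan.
        if dst != VIP or vs.vlan != in_vlan:
            continue
        for acl, farm in vs.policies:
            if ACLS[acl](src):
                return vs.name, farm, FARM_CLIENT_NAT[farm]
        if vs.default_farm:
            return vs.name, vs.default_farm, FARM_CLIENT_NAT[vs.default_farm]
    return None

OPTION1 = [VServer("group1", 200, [("allowVlan100_ACL", "group1_NAT")], "group1")]
OPTION2 = [VServer("group1_1", 200, [("allowAnybodyBut100_ACL", "group1")]),
           VServer("group1_2", 100, [("allowVlan100_ACL", "group1_NAT")])]

FLOWS = {"external client": (200, "192.0.2.10"),   # constructed addresses
         "group2 server": (100, "10.1.1.35")}

def evaluate(option):
    return {who: select(option, vlan, src) for who, (vlan, src) in FLOWS.items()}

if __name__ == "__main__":
    for label, opt in (("option 1", OPTION1), ("option 2", OPTION2)):
        print(label, evaluate(opt))
```

In this model the group2 flow matches nothing under option 1, while under option 2 it lands on `group1_2` and the `group1_NAT` serverfarm with client NAT.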