Re: CSM Nat Server/Client??

carlsond · ‎07-19-2004

When configuring a CSM module, when do I need to configure NAT Server or Nat client on my Serverfarms? I know what NAT is but what is it's function in this situation? The docs give no real information about this.

Thanks.

jfoerster · ‎07-19-2004

Hi,

this is quite simple. In loadbalancing environments you have to make sure, connections comming from a client are returned via the CSM from the server. Otherwise you will have an half opened session which might get detected as DoS. In some other scenarios you have to make sure, that the sequences are correct and that the reals do not talk with each other. Therefore client NAT is needed so that the server thinks that the request is comming from the CSM and not from the real who initianted the connection. Server NAT is necessary if you place a VIP in front of some servers. IF you won't do server nat the Server won't accept the request (except you have a loopback with the same IP configured).

Hope that explained things a bit better.

Cheers,

Joerg

carlsond · ‎07-20-2004

That helps but when you establish a client natpool is one address enough or do you need more? Also, have you found any good information on the CSM's? The Docs are very poor at explaining concepts..

Thank You..

Dave

jfoerster · ‎07-20-2004

Hi Dave,

depending on your application one IP is enough but you have to be aware that his address is used as PAT-Address and so you won't have that much potential connections as if you would have more IP-Addresses to do source(client) NAT. What questions do you have in regards of concepts?

There are more or less only three ways to configure a CSM:

1) bridged mode (client and server VLAn have the same IP scope)

2) secure/dispateched/routed mode (client and server VLAn have different IP scopes

3) a combination of 1 and 2

Some documents can be found at

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/index.htm

Cheers,

Joerg