
Global Server Load Balancing (GSLB) 11500

bnajm
Level 1

We have two datacenters in two different locations with two redundant CSSs at each location. The two datacenters will be used to host our website and to provide load-balancing and load-sharing. We are using PIX firewalls at each location to protect our website. Our security policy permits only private addresses to be configured behind the PIXs. The PIXs are NATing the public IP addresses on the outside to private IP addresses on the inside. Since the CSSs are located behind the firewalls, the VIPs are configured using private IP addresses. In order to configure Global Server Load-balancing (GSLB), the CSSs must be configured as the authoritative DNS servers for our sub-domain. In this case the CSSs will return an A record that contains a private IP address that is not addressable from the Internet (the VIP IP address). Do you have any suggestions on how to make GSLB work without having to extend the public addresses beyond the PIXs to reach the outside interface on the CSS?

Thanks,

Bachir Najm

1 Reply

seilsz
Level 4

Hi Bachir -

Have you tested this configuration? ASA on the PIX should handle translation for DNS A records.

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb727.html#wp1063720

~Zach
