07-20-2005 07:33 AM
Hi,
Right now, I have already deployed a 6509 with CSM (ver 4.2.2) and SSLM in my current network. Everything was fine until I needed to migrate a group of server farms. This particular group of server farms (172.5.175.X) resides in another segment, different from my Vserver (137.x.x.x) IP address segment.
The client can only reach my real server till I configure a natpool into my serverfarm. I realise this is because my real server tries to reach my client directly but the client drops the packets as the client is expecting a reply from the Vserver address.
However, for my other group of server farms (137.x.x.x), whose address is in the same segment as the Vserver address, the real server also reaches the client directly but it works.
I'm quite perplexed by this as all segments (serverfarm, Vserver, Client) are reachable to one another.
Can somebody shed some light on this?
Another question that I want to raise is that, do I need to configure additional natpool? If I need to migrate additional server farms which are also in another segment totally different from the rest (e.g. existing server farms, Vserver), or can I use the same natpool?
Please advise, thanks.
My config is as attached
07-20-2005 08:54 AM
Looks to me that your 137.x.x.x servers respond back to the client IP address but using the CSM as default gateway.
As soon as the CSM gets the traffic it will NAT the server IP into the vserver IP and the client will receive a response from the VIP.
Your servers 172.x.x.x are not in any vlan attached to the CSM, so I believe that the response from the server goes back to the client without going through the CSM.
Using client nat forces the server to send traffic back to the CSM.
If you don't want the nat pool, you can use policy routing to intercept the response from the servers and forward it to the CSM.
Regards,
Gilles.
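A small model of the return paths described in the reply above, added here as an illustration and not part of the thread or of any poster's configuration. The addresses are constructed from documentation ranges, the class and function names are hypothetical, and it assumes the natpool address is routed to the CSM.

```python
# Constructed addresses from the RFC 5737 documentation ranges, not the poster's network.
CLIENT, VIP, POOL_IP = "198.51.100.10", "192.0.2.80", "192.0.2.200"
REAL_BEHIND_CSM, REAL_ELSEWHERE = "192.0.2.11", "203.0.113.11"

class Csm:
    """Minimal model of the load balancer's NAT and connection table."""
    def __init__(self, nat_pool=None):
        self.nat_pool = nat_pool      # client NAT address, or None when not configured
        self.conns = {}               # (real, source the real saw) -> (vip, client)

    def forward(self, client, vip, real):
        # Server NAT rewrites VIP -> real; client NAT rewrites client -> pool address.
        seen_src = self.nat_pool or client
        self.conns[(real, seen_src)] = (vip, client)
        return seen_src, real

    def reverse(self, src, dst):
        # Undo both translations for a reply that crosses the CSM.
        return self.conns[(src, dst)]

def reply_source_at_client(csm, real, gateway_is_csm):
    """Source IP of the server's reply as it arrives at the client."""
    seen_src, _ = csm.forward(CLIENT, VIP, real)
    reply_src, reply_dst = real, seen_src   # the server answers whoever it saw
    # Assumption: the pool address is routed to the CSM, so a reply to it always
    # crosses the CSM; otherwise it does so only if the CSM is the server's gateway.
    if reply_dst == csm.nat_pool or gateway_is_csm:
        reply_src, reply_dst = csm.reverse(reply_src, reply_dst)
    return reply_src

def client_accepts(reply_src):
    # The client opened its connection to the VIP; any other source matches no socket.
    return reply_src == VIP

def scenarios():
    cases = {
        "farm behind CSM, no natpool": (Csm(), REAL_BEHIND_CSM, True),
        "farm elsewhere, no natpool": (Csm(), REAL_ELSEWHERE, False),
        "farm elsewhere, natpool": (Csm(POOL_IP), REAL_ELSEWHERE, False),
    }
    return {name: client_accepts(reply_source_at_client(*args))
            for name, args in cases.items()}

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'reply accepted' if ok else 'reply dropped by client'}")
```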
07-20-2005 11:07 PM
Hi Gilles,
Thanks for the reply. Your information is certainly helpful.
By the way, do you have any information to share regarding my second question?
"Another question that I want to raise is that, do I need to configure additional natpool? If I need to migrate additional server farms which are also in another segment totally different from the rest (e.g. existing server farms, Vserver), or can I use the same natpool?"
Many thanks
07-21-2005 01:18 AM
You can use the same natpool.
Make sure you do not run out of addresses and ports in your pool for all your connections.
Regards,
Gilles.
Please, rate my answers :-)
07-21-2005 02:19 AM
Hi Gilles,
So you mean to say that if the connections to my server farms are not heavy, I can even configure just 1 address in my natpool to facilitate the respective server farms?
regards,
AAron
07-21-2005 04:41 AM
Yes, you could use just 1 IP.
That's actually what I'm doing in my lab.
Gilles.