Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
10
Helpful
5
Replies

NAT Client Natpool

AaronKwok
Level 1
Level 1

‎07-20-2005 07:33 AM

Hi,

Right now, I have already deploy a 6509 with CSM (ver 4.2.2) and SSLM in my current network. Everthing was fine until I need to migrate a group of server farms. This particular group of server farm (172.5.175.X) are residing in another segment, different from my Vserver (137.x.x.x) IP address segment.

The client can only reach my real server till i configure a natpool

into my serverfarm. I realise this is because my real server try to reach

my client directly but the client drop the packets as the client is

expecting a reply from the Vserver address.

However, for my another group of server farm (137.x.x.x) whose address is the same segment as the Vserver address, the real server also reach the client directly but it works.

I'm quite perplex by this as all segment (serverfarm, Vserver, Client)

are reachable to one another.

Can somebody shed some light on this ?

Another question that I want to rise is that, do I need to configure

additional natpool ? If I need to migrate addtional server farm which

are also in the another segment totally different from the rest (e.g existing server farms, Vserver) or can I use the same natpool ?

Please advise thanks.

My config is as attached

Labels:
Preview file
3 KB
0 Helpful
5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

‎07-20-2005 08:54 AM

looks to me that your 137.x.x.x servers respond back to client ip address but using the CSM as default gateway.

As soon as the CSM gets the traffic it will nat the server ip into the vserver ip and the client will receive a respond from the vip.

Your servers 172.x.x.x are not in any vlan attached to the CSM, so I believe that the response from the server goes back to the client without going through the CSM.

Using client nat forces the server to send traffic back to the CSM.

If you don't want the nat pool, you can use policy routing to intercept the response from the servers and forward it to the CSM.

Regards,

Gilles.

AaronKwok
Level 1
Level 1
In response to Gilles Dufour

‎07-20-2005 11:07 PM

Hi Gilles,

Thanks for the reply. Your information is certainly helpful.

By the way, do you any information to share regrading my second questions.

"Another question that I want to rise is that, do I need to configure additional natpool ? If I need to migrate addtional server farm which are also in the another segment totally different from the rest (e.g existing server farms, Vserver) or can I use the same natpool ? "

Many thanks

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to AaronKwok

‎07-21-2005 01:18 AM

You can use the same natpool.

Makeu sure you do not run out of addresses and ports in your pool for all your connections.

Regards,

Gilles.

Please, rate my answers :-)

AaronKwok
Level 1
Level 1
In response to Gilles Dufour

‎07-21-2005 02:19 AM

Hi Gilles,

So mean to say that if the connections to my server farms are not heavy. I can even configure just 1 address in my natpool to faclitiate the respective server farms.

regards,

AAron

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to AaronKwok

‎07-21-2005 04:41 AM

yes, you could use just 1 ip.

That's actually what I'm doing in my lab.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents