Re: servers with Public IP behind CSS

evfodor · ‎06-06-2006

I have a customer who has several FTP servers behind a css. Some of them has private Ip addresses some of them has public IP addresses. He need to NAT the private IP addresses to a VIP address, but he want to reach public Ip address's servers, with their public IP (without NAT). How can he do that? (with acl and source group?)

Thanks,

Eva

Gilles Dufour · ‎06-08-2006

Eva,

the CSS is also a router, so everything behind it is by default accessible using their ip addresses.

So, there should be nothing special to do for the servers with public ip [just make sure routing in your network is learning the route to the servers through the CSS].

For the other servers, do you need to access each one of them separately ? If so you will need one content rule for each server. This is how nating is done.

If you do not need to access them, but want to loadbalance, then you need 1 content rule and list the servers under this rule.

For connections opened by the server, the same question applies - do you need one-to-one or many-to-one.

Usually, we go for many to one.

All you need then is a group to nat the server initiated connections.

ie:

group ServerNat

vip x.x.x.x

add service FTP1

add service FTP2

...

active

Regards,

Gilles.