Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
2
Replies

Should ACE VIPs be Nated By a Firewall?

dmbergen
Level 1
Level 1

‎01-27-2013 04:09 PM

Cannot seem to find the answer to this question for what the Best practice is or would be. Should the VIP privet ip be NATed at the firewall for internet access? IE,  Internet firewall NAT ------> Privrt WEB server farm VIP.

thanks

Labels:
0 Helpful
2 Replies 2

ajayku2
Cisco Employee
Cisco Employee

‎01-28-2013 12:26 AM

Yes, VIP private IP should be NATed at the firewall for internet access. You can point the default gateway on ACE as firewall interface IP address.

Also in order to accept the incoming connection you may have to use NAT on firewall.

0 Helpful

dmbergen
Level 1
Level 1
In response to ajayku2

‎01-28-2013 04:41 AM

Thank you, However, will this not effect incomming sticky using source IP? Firewall will be seen as the source, not the public IPs access the WEB site?

Having a Public DMZ using all public IPs , protected by a firewall, but not preforming "NAT", Just for a layer of security , this seems the way to go.

thank you

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card