Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
3
Replies

Server load balancing with PIX

kdasari
Level 1
Level 1

‎10-28-2004 04:54 PM - edited ‎02-20-2020 11:42 PM

I need to translate two dmz servers to registered IP and enable inbound connection as well as outbound connection to both these servers. Is it possible?

for example

static(dmz,outside) 12.176.23.12 10.17.200.54 netmask

static(dmz,outside) 12.176.23.12 10.17.200.55 netmask

will this config work with out any problems pix doing the roundrobin translation.

in ios this can be achieved with inside destination nat with pool of rotary type for example?

What are the considerations and issues one should be aware, if at all it works?

thanks

JSC

0 Helpful
3 Replies 3

scoclayton
Level 7
Level 7

‎10-28-2004 05:29 PM

The PIX will take this configuration but you will not achieve your load balancing goal. With the config above, all packets sent to 12.176.23.12 will be translated via the first static in the config (top most if parsing the config from the top-down). There is no config that you can put into the PIX that will allow you to load balance between 2 servers as you specified above.

My suggestion in this case (if you cannot afford a CSS or some other load balancing device) is to employ IOS SLB on the router outside of the PIX. Then just create 1:1 statics on the PIX for the 2 servers that IOS SLB is going to use.

Let me know if this is not clear. Good luck.

Scott

0 Helpful

kdasari
Level 1
Level 1
In response to scoclayton

‎10-28-2004 09:11 PM

Scot:

Thanks for the message. I was hoping to achieve this in the PIX. Well, I could do this outside of pix via dns round robin, or IOS SLB or NAT rotary etc.

Any ideas as to why this is not supported in the PIX?

Thanks.

0 Helpful

scoclayton
Level 7
Level 7
In response to kdasari

‎10-29-2004 04:21 AM

1) either it was never requested as a feature, or

2) the development team choose to spend their time on other features deemed more important.

I don't think there is a silver bullet answer to this question...that I am aware of.

Sorry

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card