cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1468
Views
0
Helpful
6
Replies

Cisco Expressway clustering (MRA) only

essam_farrag
Level 1
Level 1

Hello Dears ,

as per cisco expressway basic configuration deployment guide V 8.9 page 59 : clustering > The LAN interface that you use for clustering must not have Static NAT mode enabled. For these reasons, we recommend that you use LAN2 as the externally facing interface, and also enable static NAT on LAN2 when it's required.

so my understanding here is to make expressway clustering i have to use Dual NIC Static NAT Deployment.

my question is what if i have only single firewall, how can i deploy expressway E clustering?

Does expressway clustering is supported for (3-port Firewall DMZ Using Single Expressway-E LAN Interface) deployment model? 

can we use Dual NIC Static NAT Deployment with single firewall?

Thanks

Essam

6 Replies 6

Jaime Valencia
Cisco Employee
Cisco Employee

You can do clustering with single NIC, the caveat is that since you cannot use NAT, you would need to use the public IP directly in the expressway server for this.

HTH

java

if this helps, please rate

thanks a lot Jaime ,

so, if i used public IP directly in express way Es. there is no need for NAT Reflection?

is there any way to use Dual NIC static NAT deployment with single firewall?

BR,

Essam

Correct. A single NIC a with a public IPv4 address does not require NAT reflection.

Yes. Just create two VLANs on the firewall. The requirement of dual NIC is two separate subnets, not two separate firewalls. Just ensure your firewall is sized properly since it will be inspecting the same packet twice.

 i understand that both expressway E NICs will be in DMZ zone but with two different subnets. correct?

if i used dual NIC deployment with single firewall, is this deployment will be supported as i cannot see such deployment at any cisco document?

 

I don't see any reason of not supporting it. I worked in Telepresence TAC and i have seen many weird deployment for Expressway :). 

The one you are asking is pretty much a fair request to do.

Regards,

Alok

Hi Essam,

 

Are you able to deploy expressway clustering 3-port Firewall DMZ Using Single Expressway-E LAN Interface.If yes can you send me the details.I am also facing the same issue.

 

Regards

 

Sulfi