05-28-2017 05:33 AM - edited 03-19-2019 12:28 PM
Hello Dears ,
as per cisco expressway basic configuration deployment guide V 8.9 page 59 : clustering > The LAN interface that you use for clustering must not have Static NAT mode enabled. For these reasons, we recommend that you use LAN2 as the externally facing interface, and also enable static NAT on LAN2 when it's required.
so my understanding here is to make expressway clustering i have to use Dual NIC Static NAT Deployment.
my question is what if i have only single firewall, how can i deploy expressway E clustering?
Does expressway clustering is supported for (3-port Firewall DMZ Using Single Expressway-E LAN Interface) deployment model?
can we use Dual NIC Static NAT Deployment with single firewall?
Thanks
Essam
05-28-2017 08:49 AM
You can do clustering with single NIC, the caveat is that since you cannot use NAT, you would need to use the public IP directly in the expressway server for this.
05-28-2017 08:57 AM
thanks a lot Jaime ,
so, if i used public IP directly in express way Es. there is no need for NAT Reflection?
is there any way to use Dual NIC static NAT deployment with single firewall?
BR,
Essam
05-28-2017 11:33 AM
Correct. A single NIC a with a public IPv4 address does not require NAT reflection.
Yes. Just create two VLANs on the firewall. The requirement of dual NIC is two separate subnets, not two separate firewalls. Just ensure your firewall is sized properly since it will be inspecting the same packet twice.
05-28-2017 01:45 PM
i understand that both expressway E NICs will be in DMZ zone but with two different subnets. correct?
if i used dual NIC deployment with single firewall, is this deployment will be supported as i cannot see such deployment at any cisco document?
05-29-2017 03:24 AM
I don't see any reason of not supporting it. I worked in Telepresence TAC and i have seen many weird deployment for Expressway :).
The one you are asking is pretty much a fair request to do.
Regards,
Alok
12-11-2017 01:29 AM
Hi Essam,
Are you able to deploy expressway clustering 3-port Firewall DMZ Using Single Expressway-E LAN Interface.If yes can you send me the details.I am also facing the same issue.
Regards
Sulfi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide