[c-nsp] c7200 slb nat problem

Mon Nov 13 10:48:34 EST 2006

Hi all,

having follow configuration:

c7200# sho run
[skipped]
boot system disk2:/c7200-jk9s-mz.123-14.T7.bin
[skipped]
!
ip slb serverfarm FA
  nat server
  real 192.168.1.1
   inservice
  real 192.168.1.2
   inservice
!
ip slb vserver VS
  virtual xx.yy.zz.8 udp 53
  serverfarm FA
  inservice
!
[skipped]
!
interface GigabitEthernet0/1
  ip address xx.yy.zz.5 255.255.255.192
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  media-type rj45
  no negotiation auto
  no clns route-cache
!
interface GigabitEthernet0/3
  ip address 192.168.1.3 255.255.255.0
  duplex auto
  speed auto
  media-type rj45
  no negotiation auto
  no clns route-cache
!
[skipped]
!
end

with two real dns boxes directly (L2) connected to Gi0/3 c7200:
192.168.1.1
192.168.1.2

connectivity is fine:

c7200#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!

c7200#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!

i have a problem when i try to get some NS records by dig request:
unix-box# dig cisco.com @xx.yy.zz.8
;; reply from unexpected source: 192.168.1.2#53, expected xx.yy.zz.8#53
;; reply from unexpected source: 192.168.1.2#53, expected xx.yy.zz.8#53
;; reply from unexpected source: 192.168.1.2#53, expected xx.yy.zz.8#53

unix-box# ping xx.yy.zz.8
PING xx.yy.zz.8 (xx.yy.zz.8): 56 data bytes
64 bytes from xx.yy.zz.8: icmp_seq=0 ttl=61 time=0.787 ms
^C

by the way, from ios release notes: Server NAT—By replacing the virtual 
server IP address with the real server IP address (and vice versa).
as i understand "nat server" enable [real server] <--> [virtual server] 
translations?
im right or not?

can anybody suggest me with this NAT drawback?

thanks.

-- 