[f-nsp] Serveriron / nat

Cliff Fogle Cliff at ofoto.com
Thu Nov 4 16:07:48 EST 2004


What type of hardware are you running?  Are you running in any sort of
active-active or active-standy mode?

If you only have one serveriron then this should do:  
(from
http://www.foundrynet.com/services/documentation/siug/ServerIron_NAT.htm
l#47377 )

"
Configuring Static Address Translations

Use the following CLI method to configure static NAT.

USING THE CLI

To configure static NAT for an IP address, enter commands such as the
following:

ServerIron(config)# ip nat inside source static 10.10.10.69 209.157.1.69

The commands in this example statically map the private address
10.10.10.69 to the Internet address 209.157.1.69.

Syntax: [no] ip nat inside source static <private-ip> <global-ip>

This command associates a specific private address with a specific
Internet address. Use this command when you want to ensure that the
specified addresses are always mapped together.

The inside source parameter specifies that the mapping applies to the
private address sending traffic to the Internet.

The <private-ip> parameter specifies the private IP address.

The <global-ip> parameter specifies the Internet address. The ServerIron
supports up to 255 global IP addresses.

Neither of the IP address parameters needs a network mask.
"

If you are running dual chassis devices in an active-active or
active-standby mode I would wait for the new code to be released
shortly.  The new (shortly released) IronWare 9.2 code will greatly
simplify this.  Instructions for the new configuration are in the
release notes for that release.

-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Timothy Arnold
Sent: Thursday, November 04, 2004 8:20 AM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Serveriron / nat

Hi Foundry Guru's

I am hoping someone could enlighten me on now network address
translation works in the serveriron. Here is the situation.

I have two vlan's configured - the public vlan with routable IP
addresses, this is where the VIP addresses are. The second vlan is a
standard 10.x netblock where the servers are located. I have a number of
VIPs and load balance a number of web servers - this works great.

However, I have a management server that will be accessible via web, ssh
etc. Do I need to create a VIP address just for this one server, or can
I someway map a public IP address to the internal IP address and vice
versa?

I hope I have made myself clear!

Thanks
Tim. :)

_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp






More information about the foundry-nsp mailing list