[f-nsp] Serveriron / nat

Timothy Arnold tim at uksolutions.co.uk
Fri Nov 5 03:55:21 EST 2004 

On 4 Nov 2004, at 21:07, Cliff Fogle wrote:

> What type of hardware are you running?  Are you running in any sort of
> active-active or active-standy mode?
>

Serveriron XL 16 Port. I will be running an active-standby 
configuration (if I can understand how that works too! :)).

>
> The inside source parameter specifies that the mapping applies to the
> private address sending traffic to the Internet.
>

OK, I understand that. I have just tried it and it works fine. Any 
traffic from the server to the internet will use the IP address that I 
have assigned. However, what happens if I want to go from the internet 
to the private address, for incoming SSH requests for example?
>
> If you are running dual chassis devices in an active-active or
> active-standby mode I would wait for the new code to be released
> shortly.  The new (shortly released) IronWare 9.2 code will greatly
> simplify this.  Instructions for the new configuration are in the
> release notes for that release.
>

OK, Do you know when this will be, would you recommend not using NAT in 
an active/standby configuration? What problems occur if you do?

On a side note, in an active/standby configuration. I have been reading 
that you should build the configuration on one serveriron and then 
replicate it to the second serveriron (and using the backup commands to 
configure the backup port) but how does that work if you have virtual 
interfaces? I have a number of ve interfaces for each subnet, so do I 
just copy the same configuration across? The documentation says that 
you need to change the management address? I am unsure what this means!

Sorry if I am asking too many questions! Thanks for all your help!

Kind regards
Tim.

> -----Original Message-----
> From: foundry-nsp-bounces at puck.nether.net
> [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Timothy 
> Arnold
> Sent: Thursday, November 04, 2004 8:20 AM
> To: foundry-nsp at puck.nether.net
> Subject: [f-nsp] Serveriron / nat
>
> Hi Foundry Guru's
>
> I am hoping someone could enlighten me on now network address
> translation works in the serveriron. Here is the situation.
>
> I have two vlan's configured - the public vlan with routable IP
> addresses, this is where the VIP addresses are. The second vlan is a
> standard 10.x netblock where the servers are located. I have a number 
> of
> VIPs and load balance a number of web servers - this works great.
>
> However, I have a management server that will be accessible via web, 
> ssh
> etc. Do I need to create a VIP address just for this one server, or can
> I someway map a public IP address to the internal IP address and vice
> versa?
>
> I hope I have made myself clear!
>
> Thanks
> Tim. :)
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
>



---
Timothy Arnold
Technical Support Engineer
UK Solutions, Birmingham Road
Studley, B80 7BG

http://www.uksolutions.co.uk

To contact support:
Via telephone: 08700 681 333
Via email: support at uksolutions.co.uk

More information about the foundry-nsp mailing list