[f-nsp] Serveriron NAT ?
Gregori Parker
Gregori.Parker at theplatform.com
Thu Mar 20 16:56:33 EDT 2008
I really need some help here - I am a Cisco/F5 engineer that has been
thrown into a situation with a pair of Foundry Serveriron XLs, and I
have little to no knowledge or resources for configuring them.
I have a test environment that can be simplified to this:
[/24 public]----[SI XL Active / NAT]----[/24 private]
Public address space is 10.99.1.0/24, with the Active LB acting as a
default gateway (10.4.20.1)
Private address space is 10.4.20.0/24, with cisco 3560s doing HSRP to
act
as a default gateway (10.99.1.1)
I have a test VIP going, and it works fine - but I cant get outgoing NAT
to work. I want to be able to simply initiate a connection from private
address space, NAT to a single overloaded address on the LB, and
interact with a 'public' address. Here is my configuration from the
Active LB, I appreciate any guidance.
Current configuration:
!
ver 07.4.00T12
global-protocol-vlan
!
!
server backup ethe 13 00e0.5201.0c72
server backup-preference 5
server backup-group 1
!
server port 3389
tcp
!
server router-ports 1 2
!
!
server real test01 10.4.20.11
port 3389
!
server virtual vtest01 10.99.1.11
port 3389
bind 3389 test01 3389
!
!
vlan 1 name DEFAULT-VLAN by port
no spanning-tree
!
vlan 2 by port
untagged ethe 13
no spanning-tree
!
vlan 11 by port
untagged ethe 1
router-interface ve 1
!
vlan 12 by port
untagged ethe 2
router-interface ve 2
!
hostname TESTLB01
ip forward
ip address 10.99.1.3 255.255.255.0
ip nat inside
ip nat inside source list 1 pool OutAdds overload
ip nat pool OutAdds 10.99.1.2 10.99.1.2 netmask 255.255.255.0
ip default-gateway 10.99.1.1
ip policy 1 cache tcp 0 global
ip policy 2 cache udp 0 global
interface e 13
no spanning-tree
!
interface ve 1
ip standby-address 10.99.1.2 255.255.255.0
!
interface ve 2
ip standby-address 10.4.20.1 255.255.255.0
!
access-list 1 permit 10.4.20.0 0.0.0.255
More information about the foundry-nsp
mailing list