Real Server NAT (South-North) when accessing the Internet

rwilliams Member
Hi All,

I need help on how to achieve source NAT for traffic originating from a real server and heading North to the Internet.

I have set up our 3030s with basic Load Balancing, and am using a Source NAT Pool attached to various virtual services, which all works fine as expected to NAT incoming client traffic to the backend Real Servers.

However, the Real Servers need direct access to the Internet for updates etc., so I need to NAT any traffic originating from the Real Servers heading out (North) via the Load Balancer. Ideally I would like it to be NATed behind the VLAN interface on the 3030s that is on the Outside.

So as follows:

Internet
|
Edge Firewall
|
|
3030s Outside interface Vlan 20 (172.16.0.1/24)
|
3030s Inside interface Vlan 10 (10.10.0.1/24)
|
|
Real Server (10.10.0.100/24)

So when the real server accesses the internet, the edge firewall sees the IP source address as 172.16.0.1.

How do I achieve this?

Thanks

Ryan

Comments

  • rwilliams Member
    edited March 2016
    Hi All,

    Ok I have figured out how to achieve this using a NAT pool, but I would like to use the same IP address for the NAT source as the 3030s Interface.

    Is this possible?

    Rgds

    Ryan
  • dshin Member
    edited April 2016
    I do not think this feature is supported if you use the interface IP as a NAT pool address. However, one option is to use "Source NAT traffic against VIP".

    Genard