Real Server NAT (South-North) when access Internet

rwilliamsrwilliams Member
in System
Hi All,

I need help on how to achieve source NAT for traffic originating from a real server and heading North to the Internet.

I have set up our 3030s with basic Load Balancing, and using Source NAT Pool attached to various virtual services, which all works fine as expected to NAT incoming client traffic to the backend Real Servers.

However, the Real Servers need direct access to the Internet for updates etc, so I need to NAT any traffic originating from the Real Servers heading out (North) via the Load Balancer. Idealy I would like it to be NATed behind the VLAN interface on the 3030s that is on the Outside.

So as follows:

Internet
|
Edge Firewall
|
|
3030s Outside interface Vlan 20 (172.16.0.1/24)
|
3030s Inside interface Vlan 10 (10.10.0.1/24)
|
|
Real Server (10.10.0.100/24)

So when the real server accesses the internet, the edge firewall sees the IP source address as 172.16.0.1.

How do I achieve this?

Thanks

Ryan

Comments

  • rwilliamsrwilliams Member
    edited March 2016
    Hi All,

    Ok I have figured out how to achieve this using a NAT pool, but I would like to use the same IP address for the NAT source as the 3030s Interface.

    Is this possible.

    Rgds

    Ryan
  • dshindshin Member
    edited April 2016
    I do not think this feature is supported if you use the interface IP as a NAT pool address. However, one option is to use "Source NAT traffic against VIP".

    Genard
Sign In or Register to comment.

© Copyright 2024 - A10 Networks Community - All Rights Reserved. | Legal