Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
335
Views
0
Helpful
1
Replies

CSM RHI interaction with NAT on FWSM

r.overberg
Level 1
Level 1

‎08-01-2007 01:07 PM

assuming this arrangement in Aggregation/Distribution layer chassis:

to core layer

| (L3 p-t-p /30 net)

MSFC (OSPF)

| (shared firewall outside vlan)

FWSM (routed mode context)

| (CSM client vlan = fw inside vlan)

CSM (bridge mode)

| (CSM server vlan)

layer-2 access vlan

if we want to use private addresses on the CSM server vlan and have route health injection (RHI) on CSM inject static routes onto MSFC routing process, then the NAT needs to happen up at the MSFC.

Or is there another way?

Question 1: is there any way to have RHI inject an alternate vserver address corresponding to pre-static-NAT address on FWSM?

Question 2: If I have a vserver on CSM with VIP A and TCP port X and another vserver with VIP A and TCP port Y, doesn't RHI mask the availability at the port level since RHI and routing and don't track transport layer ports?

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎08-03-2007 12:46 AM

the trick is to configure fake vserver on the csm with the fwsm nat address and use the same serverfarm with the advertise command.

Like this the CSM will insert a route to the correct address.

The FWSM will nat the traffic and send it to the correct vserver [not the one with the nated address].

I didn't try it myself, but I have seen some people doing it.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents