One-armed without NAT

Unanswered Question
Feb 7th, 2008

Hello.

I am designing a CSS11506 solution in one-armed mode for an allready existing network (I am balancing webservers).

In my topology I have to use Client Nat in order for things to work.

However I've been told that the servers need to see the clients real IP address.

Does anyone know how can I solve this issue? Does direcly

I thought changing to inline mode, however that would not solve it because the default gateway of the server is the firewall; and even if I allow traffic on the firewall, the PC firewall of the client side will refuse the connection.

Best regards,

Joao

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jcarvalh Thu, 02/07/2008 - 15:13

Please forget my post. Client gave me wrong info.

Best regards,

Joao

gohyeeshiang Tue, 02/19/2008 - 03:00

Hi Joao,

In your approach, try to implement on direct server return(DSR) where you do not need to configure nat client.

In DSR, you are required to use PBR to divert the traffic to the CSM.

Actions

This Discussion