One-armed without NAT

Unanswered Question
Feb 7th, 2008
User Badges:


I am designing a CSS11506 solution in one-armed mode for an allready existing network (I am balancing webservers).

In my topology I have to use Client Nat in order for things to work.

However I've been told that the servers need to see the clients real IP address.

Does anyone know how can I solve this issue? Does direcly

I thought changing to inline mode, however that would not solve it because the default gateway of the server is the firewall; and even if I allow traffic on the firewall, the PC firewall of the client side will refuse the connection.

Best regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jcarvalh Thu, 02/07/2008 - 15:13
User Badges:

Please forget my post. Client gave me wrong info.

Best regards,


gohyeeshiang Tue, 02/19/2008 - 03:00
User Badges:

Hi Joao,

In your approach, try to implement on direct server return(DSR) where you do not need to configure nat client.

In DSR, you are required to use PBR to divert the traffic to the CSM.


This Discussion