NAT iSCSI target on MDS 9500.

Unanswered Question
Apr 18th, 2008

I have an iSCSI target defined on my director switch. This switch is behind my firewall on my private network. I have an iSCSI initiator on the internet that i want to connect to the target. My FW is providing NAT so the initiator is able to connect to the director and query it for targets. The switch responds with the list of targets, however it sends the private IP of the target which of course my initiator cannot communicate with. Is it possible to configure the switch to send a different IP for the target, than what is defined on the interface?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
fcorno Tue, 05/20/2008 - 12:31

I wonder what version of SANOS are you using, and if you are using iSLB.

Usually the MDS9000 portal, in reporting the iSCSI targets, lists the "TargetName" but it doesn't insert the optional "text key parameter" of the type "TargetAddress". This is different in case you use iSLB.

You could assign a public IP address to the IPS interfaces only: they are probably a small number and maybe you can find enough available public addresses to avoid NAT-ting just these interfaces.

Another option could be using a VPN tunnel, so you could have your iSCSI initiator virtually part of the same network of the targets, use private addressing for all the devices, and avoid NAT-ting. You probably don't want anyway to have your iSCSI traffic in cleartext on the Internet.


This Discussion



Trending Topics: Storage Networking