One static NAT Public IP bind with two Local IPs

Unanswered Question
Aug 13th, 2008

Hi, is it possible that we could bind two local IPs with one static NAT public IP, so that the outside (inbound) traffic to the public IP is load balanced across both local IPs?

Farrukh Haroon Wed, 08/13/2008 - 11:44

AFAIK this can be done on both the Cisco IOS and Juniper Netscreen. However this is not possible on the ASA/PIX. You can configure this via policy NAT, but it still won't load balance between the two.
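
A sketch of one IOS feature that maps a single public address to two local addresses, NAT TCP load distribution with a rotary pool. This is an added example, not configuration posted by anyone in this thread; all addresses, the ACL number, the pool name and the interface names are constructed placeholders.

```cisco
! Added example: addresses, names and interfaces are constructed placeholders.
! 203.0.113.10 = public (virtual) address that clients connect to
! 192.168.10.11 and 192.168.10.12 = the two real web servers

! Pool of real servers; "type rotary" hands out the addresses in rotation
ip nat pool WEBSERVERS 192.168.10.11 192.168.10.12 prefix-length 24 type rotary

! Match traffic destined to the public address
access-list 10 permit 203.0.113.10

! Translate the destination of new inbound TCP connections to the next pool member
ip nat inside destination list 10 pool WEBSERVERS

interface GigabitEthernet0/0
 description Outside (Internet-facing, placeholder name)
 ip nat outside
!
interface GigabitEthernet0/1
 description Inside (server-facing, placeholder name)
 ip nat inside
```

The rotary pool only distributes new TCP connections, and it does no health checking: if one server is down, its share of connections still goes to it.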



ray_stone Wed, 08/13/2008 - 11:51

Thanks!!! Can you post an example of policy NAT and how it would be sufficient? What are the merits and demerits?

Farrukh Haroon Wed, 08/13/2008 - 12:21

As I said, it won't be possible on the ASA/PIX. Even if it lets you configure it, it will just use the first entry it sees. This is an example of Policy NAT, but this is the opposite. One Local IP and Two Global/Mapped IPs:

This is a Cisco IOS example though:



ray_stone Wed, 08/13/2008 - 12:28

Well, this is not required. We have placed two web servers in the DMZ zone with the same configuration, like a mirror, and both are connected to one DB server which is placed in the Inside zone. Now the problem is, suppose the first web server goes down, then we change the static local IP to the second web server. What I want is to make two entries, where one will be up and the second will come up only when the first server's local IP cannot be resolved, so that all traffic is diverted to the second static entry. If you know any way to configure it, then please advise. Thanks!!!

Farrukh Haroon Wed, 08/13/2008 - 18:43

There are multiple ways this can be done. First of all is to get a load balancer :). If not a hardware load balancer like Cisco CSS 115XX, Cisco CSM, F5, Foundry etc., then you could configure load balancing in software like Cisco IOS SLB (not available on all platforms).

Another way is to do DNS round-robin. Set up two different public IPs corresponding to your application's DNS. Requests will come from both mapped IPs to your real servers (i.e. one-to-one mapping).

If you want more availability, you can get your own subnet from ARIN and then get multiple ISPs to advertise this subnet through both ISPs. It all depends on your specific requirements.



