dario.didio Mon, 07/20/2009 - 00:00
User Badges:
  • Silver, 250 points or more

Hi,


your ar using one-arm mode. This meanse you use only 1 VLAN for client and server traffic.


The problem is that traffic passing the CSS should also return via the CSS.


In one-arm mode this is not the case because the default-gateway of your servers is the upstream router and not the CSS.


In other words, you need to force the servers to send the traffic back to the CSS instead of directly to the router.


This can be accomplished by using source NAT. THis way, the server thinks the traffic was sourced by the CSS, sending te response back to the CSS instead of the router.


You need to configure a source group. In your case, it would look something like this:


group NAT_GRP-IPCC

vip address 10.20.19.X

add destination service http-ora03m

add destination service http-ora04m

active


group NAT_HTTPS-ORACLE

vip address 10.20.19.Y

add destination service https-ora03m

add destination service https-ora04m

active


group NAT_ora03m&4m-7778

vip address 10.20.19.Z

add destination service ora03m-7778

add destination service ora04m-7778

active


The VIP Addresses in the group are the addresses that will be used to replace the original source address. Note that per group the VIP address should be unique, zo replace the 3 letters with 3 different numbers.


Note that by doing this, you will lose the original source IP Address. This means that you will not be able to account the sources that have accessed your database.


HTH,

Dario

subashmbi Mon, 07/20/2009 - 01:17
User Badges:


Thanks Dario,


I will update u the status ...


Regards

Subash.c


Actions

This Discussion