Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

MS NLB with ASA 8.2

Dears,

Please find the attached diagram.

Exchange  servers are confgured for NLB, Exchange Admin explained me the mail  flow from the servers he told me that when the servers will send mail  outside they send by physical  ip 10.10.3.12 and 10.10.3.14 and when the  server will receive mail they will receive on NLB IP 10.10.3.9. so for that reason PBR is  configured on the router for ip address 10.10.3.9 which should match in  access-list and should be directed to next-hop  ISP router and static  NAT is configured on the Internet router for ip 10.10.3.9 for receiving  email from outside.

The problem is neither the mails are going out nor we  are receving when i do a traceroute the packets drops at ASA nor i am  able to ping/telnet  the internet router internal ip address,when i  remove the static identity nat command from ASA i am able to ping,telnet,ssh from  the server to Internet router each and every interface and also the trace route reaches till the ISP router.

nat (insde) 1 10.10.3.12 255.255.255.255  

nat (inside)1 10.10.3.14 255.255.255.255

global (outside) 1 10.10.3.9

For receiving mail i configured the static identity NAT:

static (inside,outside) 10.10.3.9 10.10.3.9 netmask 255.255.255.255.

INTERNET ROUTER.

interface GigabitEthernet0/2

ip address 172.16.10.250 255.255.255.0

ip nat inside

ip virtual-reassembly

ip policy route-map Exchange

duplex auto

speed auto

ip access-list standard policy

permit 10.10.3.9 log

route-map Exchange permit 10

match ip address policy

set ip next-hop ISP ROUTER

ip nat inside source static 10.10.3.9 94.94.94.94

1 REPLY
New Member

MS NLB with ASA 8.2

Dears,

Is it i am asking somthng funny, or nobody has came across to such scenario

236
Views
0
Helpful
1
Replies