Yes, I believe routing is not an issue in terms of my configuration.
I have a load balancer device in front of PIX to load balance some services on the servers protected by PIX. I have static NATs for the real IP addresses of the servers. Yet, I need to configure VIP addresses to be handled by PIX. However, according to the load balancer documentation, nobody should reply the arp request for VIP, except itself. So, they were suggesting to set loopback addresses on the server for VIPs. However, when I put PIX in between them, things get complicated. And I need to handle the issue properly with PIX.
Note: Using above command affets all the translations on , as PIX will stop proxy-arping for all those addresses. PIX will only ARP for IP address on its interface only, once above command is implemented.
Thanks for the suggestion, but my understanding from your explanation above is that it would stop arp replies for all static NATs defined for that interface. This is not what I want. What I want is to have proxy arp for some NATs (for the real IPs), while no proxy arp for other NATs (for the virtual IPs). To be more specific, real IPs are the ones assigned to the physical interfaces of a server. Virtual IPs are the ones assigned to loopback interfaces of a server. In a normal operation, servers only reply to arp request for the real IPs, but no arp replies for virtual IPs. Therefore, when I put a PIX device in front of such a configured server, I would like to have the same type of behaviour after NATs.
Anyways, may be I am forcing too much, and is not a realistic implementation. But if you have any other idea, please send them.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...