Cisco Support Community
Community Member

NAT virtual IP or NIC physical IP for Microsoft NLB


I need advice for our setup consisting of 2 TMG 2010 servers configured as multicast NLB. The internal NICs of the array (facing clients) and the external NICs are connected in different VLANs on the same Cisco 4507 core.

Internal Nics:,

Internal Virtual IP:

External Nics:,

External Virtual IP:

I have added static MAC and ARP entries for each of the NICs and VIPs (respectively).

The Cisco core connects to a Cisco ASA firewall. I have added a static ARP statement on the ASA for the external VIP.

My question is about NATing on the firewall. I am doing a dynamic NAT to one public IP. When I NATed the external VIP, I could not establish outgoing connections from internal clients to the Internet via the NLB array, but when I NAT each external (physical) IP instead of the external VIP, clients can surf the Internet.

Is this the right setup, or should the external VIP be NATed?

I have not done a static NAT since I am not publishing any Exchange or other application that requires incoming connections.

All help is appreciated,

Moe Shea

Cisco Employee

NAT virtual IP or NIC physical IP for Microsoft NLB

Hi Moe,

What did the NAT config look like and what IPs were not able to reach the Internet when it was in place?

