PIX and Load Balancing when using PAT instead of NAT
We have two mail firewalls (Border Ware) in the DMZ area; their IP addresses are 192.168.101.3/24 and 192.168.101.5/24.
To implement load balancing on these mail firewalls (mails to be delivered to both of them equally), I have been advised to use NAT to map these two private IP addresses (192.168.101.3 and 192.168.101.5) to two different (not one) public IP addresses.
Since we do not have too many public IP addresses, my suggestion was to use PAT (not NAT), but when I use PAT, can a PIX implement load balancing?
Re: PIX and Load Balancing when using PAT instead of NAT
The answer is "No".
PAT is only for handling outbound traffic.
When you do PAT for these two servers, only the outbound traffic going out from these servers will go out through PAT and share the same public IP.
You can do port forwarding with PAT, to redirect the incoming traffic for the PAT IP address to one of your inside/DMZ servers.
It means that when incoming traffic hits your PIX with the destination IP being the PAT IP and the destination TCP port being 25 (SMTP), you can configure the PIX to forward that traffic to one of the servers. You can only do so to one server.
Also, where SMTP is concerned, for all practical purposes it would be advisable to have dedicated public IPs.
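The setup described in the reply above, as an added configuration sketch that is not part of the original thread. It assumes PIX 6.x/7.x-style syntax, interface names `outside` and `dmz`, and an access-list name `outside_in`, none of which appear in the posts:

```cisco
! Added example; interface names and ACL name are assumptions.
! Outbound: both mail firewalls share the outside interface address via PAT.
nat (dmz) 1 192.168.101.0 255.255.255.0
global (outside) 1 interface

! Inbound: static PAT (port forwarding) of TCP/25 on the shared public
! address to ONE mail firewall. As the reply says, the same public
! address and port cannot also be forwarded to 192.168.101.5.
static (dmz,outside) tcp interface smtp 192.168.101.3 smtp netmask 255.255.255.255

! Permit only SMTP to the forwarded address; everything else inbound
! stays blocked by the implicit deny at the end of the access list.
access-list outside_in permit tcp any interface outside eq smtp
access-group outside_in in interface outside
```

Keeping the inbound access list limited to port 25 means the shared PAT address exposes nothing on the DMZ beyond the single forwarded mail service.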