Cisco Support Community

PIX and Load Balancing when using PAT instead of NAT

We have two mail firewalls (BorderWare) in the DMZ area; their IP addresses are 192.168.101.3/24 and 192.168.101.5/24.

To implement load balancing (mail to be delivered to both of them equally) on these mail firewalls, I have been advised to use NAT for these two private IP addresses (192.168.101.3 and 192.168.101.5) to two different (not one) public IP addresses.

Since we have not got too many public IP addresses, my suggestion was to use PAT (not NAT), but when I use PAT, can a PIX implement load balancing?

1 REPLY

Re: PIX and Load Balancing when using PAT instead of NAT

Hi,

The answer is "No".

PAT is only for handling outbound traffic.

When you do PAT for these two servers, only the outbound traffic going out from these servers will go out through PAT and share the same public IP.

You can do port forwarding with PAT, to redirect the incoming traffic to the PAT IP address, to one of your inside/DMZ servers.

It means that when incoming traffic hits your PIX with the destination IP as the PAT IP and the destination TCP port as 25 (SMTP), you can configure the PIX to forward that traffic to one of the servers. You can only do so to one server.

Also, where SMTP is concerned, for all practical purposes it would be advisable to have dedicated public IPs.

-VJ
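
The port forwarding described in the reply above, as an added configuration example that is not part of the original thread. It assumes PIX 6.x command syntax, interfaces named `outside` and `dmz`, and an access list named `outside_in`; none of these names come from the posts.

```cisco
: Assumptions (not from the thread): PIX 6.x syntax, interface names
: "outside" and "dmz", access-list name "outside_in".

: Outbound: both mail firewalls in the DMZ share the outside interface
: address through PAT.
nat (dmz) 1 192.168.101.0 255.255.255.0
global (outside) 1 interface

: Inbound: TCP/25 arriving at the PAT address is forwarded to ONE server.
static (dmz,outside) tcp interface smtp 192.168.101.3 smtp netmask 255.255.255.255 0 0

: Permit only SMTP to the forwarded port and bind the ACL to the outside
: interface; all other inbound traffic to the PAT address stays blocked.
access-list outside_in permit tcp any interface outside eq smtp
access-group outside_in in interface outside

: The second mail firewall (192.168.101.5) cannot receive the same port on
: the same public address: one outside address/port pair maps to exactly
: one inside host, so this gives reachability for one server, not load
: balancing across two.
```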
