09-08-2006 01:56 AM - edited 03-03-2019 04:52 AM
We want destination NAT to work. We have 6509 series switches running HSRP. We have 2 locations. At these locations, proxy servers do the job of filtering and sending the web traffic. What we want is: if the proxy server at location 1 goes down, we should be able to NAT the incoming traffic for the proxy server from the user VLAN to the proxy server of location b. The IOS version is IOS (tm) MSFC2 Software (C6MSFC2-IS-M), Version 12.1(4)E3. What commands do we need to run?
Thanks
09-08-2006 07:11 AM
Your problem is not going to be so much the nat as how you figure out when the proxy goes down.
The only thing I have seen that can take action based on an external server is to use object tracking and policy routing. I don't think NAT has any ability to do this.
Another solution that you may want to consider, if your switches support it, is to use server load balancing (SLB) to do this.
There are a number of ways to configure this, but it will depend on where your servers are located in relation to the switch. Since this is designed for load balancing first and redundancy second, it may not end up being efficient.
Now, if you really want to use NAT, you could use policy routing with the object track options and route the traffic to either another router or to loopback interfaces. This would be a variation of NAT on a stick. In effect you would be rerouting your traffic through NAT interfaces based on availability. Both the policy routing track options and NAT on a stick are not the most simple things to configure. The policy routing with track option is fairly new, and I don't know if they have put it in the switch versions of the IOS yet.
09-11-2006 01:03 AM
Thanks for the message.
We can't use SLB because the servers are located at 2 different locations.
Can you point me to a link which shows how to configure policy routing with object tracking and NAT on a stick on switches?
09-11-2006 01:31 AM
I looked at the config example. There's a command to check the availability of the next hop. Normally the internet connections are protected behind the firewall, so the internal router's next hop is the firewall. The connectivity between the router and the firewall is a direct cable connection, but if the ISP fails then this feature may not work for the above scenario.
So does the next hop have to be an actual, directly connected next hop, or can it be any other hop, e.g. 2 hops away?
This feature will be very useful if it can be done in this way.