Forum Discussion
cmoates
Nimbostratus
NimbostratusSimple routing issue?
I'm having a bit of trouble understanding what small bit of information I'm missing that's causing me a bunch of grief. I've attached a network diagram to this message to help illustrate my configuration.
I have already set up the virtual server for forwarding, and this appears to work if and only if I have no NAT set up to get to the outside world. As soon as I set up a NAT to get to the outside world, then when I ping between 10.0.10.x and 10.0.11.x I see the public IP when I get the ICMP request (as viewed via tcpdump).
I can't imagine that this is that difficult; can anyone help me to understand what I'm overlooking? I have the forwarding VS set up for all VLANs, and when I set up the NAT, I set it to only be on the external VLAN.
Any suggestions?
2 Replies
hoolioCirrostratus
I've never had much success with NATs and VIPs together. In general, it's more effective to use a virtual server to pass the traffic. If you want a one-to-one correlation between the virtual IP and the host, you can define a VIP pointing to a pool with the single host. If you want to allow all ports, you can define the VIP and the pool member on port 0 (any port).
Aaron
kykong_107132Hi,
Normally I'll use SNAT automap for internet access instead of NAT. you can try to create a wildcard_vs with LTM default gateway as pool member. enable automap for this wildcard_vs. lastly, delete the NAT. following is the sample of the configuration.
pool default_gw {
member 72.x.x.1:any
}
virtual wildcard_vs {
destination any:any
mask none
pool default_gw
snat automap
}
regards,
KY
