Q: Can't Get Foundry Serverirons configured to do NAT correctly ( No Answer,   0 Comments )
Question  
Subject: Can't Get Foundry Serverirons configured to do NAT correctly
Category: Computers > Internet
Asked by: scrasherman-ga
List Price: $40.00
Posted: 16 Aug 2003 21:47 PDT
Expires: 15 Sep 2003 21:47 PDT
Question ID: 245563
I'm trying to set up a Foundry ServerIronXL load balancer to allow my
cluster boxes that are internal to the ServerIron to access the VIPs
on the ServerIron. For some reason, I'm unable to do this. That is, we
have boxes behind the ServerIrons that the ServerIrons point to via
public IP VIPs, yet no boxes behind the ServerIrons can connect to
these VIPs (clients and other servers outside the ServerIrons can
access the VIPs though). I'm able to ping the VIP from the boxes
behind the ServerIrons (pinging vip1 from 192.168.0.10 works), but
just can't access the services on the VIPs (telnet vip1 ldap from
192.168.0.10 does not work). I'm told it has something to do with the
source NATting that I am doing (all of my cluster machines are in the
private IP space, and all the VIPs are in the public IP space).

So to recap once again, I can telnet on ldap to VIP1 from a machine
outside the ServerIrons, but not from servers behind the ServerIrons.
Likewise, the servers behind the ServerIrons can talk to each other via
private IPs, just not via public ones bound to VIPs on the
ServerIrons, even though these VIPs point directly back to the servers
behind the ServerIrons.

Here is my configuration:


Current configuration:
!
ver 07.3.06T12
global-protocol-vlan
!
!
server predictor response-time

server port 389
 tcp
 udp

server port 636
 tcp
 udp
server source-nat
server source-ip 192.168.0.1 255.255.255.0 0.0.0.0
server source-ip 192.168.0.2 255.255.255.0 0.0.0.0
server source-ip 192.168.0.3 255.255.255.0 0.0.0.0
server source-ip 192.168.0.4 255.255.255.0 0.0.0.0
server source-ip 192.168.0.5 255.255.255.0 0.0.0.0
server reverse-nat
!
!
!
!
!
!
!
!
!
!
!
!
!
server remote-name serv1-read 192.168.0.10
 port 636
 port ldap
!
server remote-name serv1-write 192.168.0.11
 port 636
 port ldap
!
server remote-name serv2-read 192.168.0.12
 port 636
 port ldap
!
server remote-name serv2-write 192.168.0.13
 backup
 port 636
 port ldap
!
!
server virtual vip2 xxx.xxx.xxx.92
 sym-priority 41
 dyn-sym-pri-factor 11
 port 636
 port ldap
 bind 636 serv1-write 636 serv2-write 636
 bind ldap serv1-write ldap serv2-write ldap
!
server virtual vip1 xxx.xxx.xxx.91
 sym-priority 41
 dyn-sym-pri-factor 11
 port ldap
 port 636
 bind ldap serv1-read ldap serv2-read ldap
 bind 636 serv1-read 636 serv2-read 636
!
server virtual vip3 xxx.xxx.xxx.93
 sym-priority 9
 dyn-sym-pri-factor 5
 bind default serv1-read default serv1-write default
!
server virtual vip4 xxx.xxx.xxx.70
 sym-priority 9
 dyn-sym-pri-factor 5
 bind default serv2-read default serv2-write default
!
vlan 1 name DEFAULT-VLAN by port
!

enable super-user-password .....
hostname si1
ip address xxx.xxx.xxx.82 255.255.255.224
ip default-gateway xxx.xxx.xxx.66
ip dns domain-name foundrynet.com
ip dns server-address 192.168.0.10 192.168.0.12
sntp server xxx.xxx.xxx.250
Answer  
There is no answer at this time.

Comments  
There are no comments at this time.
