I am implementing a Nokia IP330 running FW4.1 SP3 and have done NAT
with proxy arps many times, but I am confusing myself on this particular
situation. Our webservers are going to live in the DMZ, which will then
transmit customer information back through the firewall to the internal
LAN, which will then VPN that information to the corporate office. The DMZ
interface is 192.168.3.1. That much I can handle and have done before. But
in this particular case, the webservers are going to live behind a load
balancer which serves all four webservers. The load balancer will be NAT'ed
to the URL IP address of the site, and when someone goes to the website it
then spreads the wealth to the webservers. (But it also creates another
network, 192.168.4.0, so the webservers are going to live on that network,
not the 192.168.3.0 network. Or to put it another way, the DMZ side of the
load balancer is 192.168.3.2 and the other side is 192.168.4.2.
So here is the question. In addition to the webservers being known by
the one load balancer IP address, they also need to have there own valid IP
address NAT'ed, so that they can be connected to individually for
maintenance reasons. How do I NAT to the 192.168.4.0 network if the DMZ
interface is 192.168.3.0? Is this even possible? As always, I need to have
this mastered by tomorrow. Sheesh. Thanks.
Scott
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
