> Now I have a second test array behind the PIX
> firewall, configured
> identically except that I use a private network
> and NAT in the PIX. I have "static" and "conduit"
> statements in the PIX to
> pass the x.y.x.170 traffic to 20.0.0.170 (port 80
> and 443 only), and I have
> two load balanced servers at .171 and .172. I can
> "see" the .170 address
The .171 and .172 servers need not be visible to the
outside world. So conduits / statics are not reqd for
them.
However ensure that .170 (the virtual ip) is
statically mapped to a public ip on the firewall with
conduits permitting access to .170 on port 443 and 80.
What is the defauult g/w configured on the real
servers .171 and .172 ??? If u have configured the LB
for preserving the source ip, the default g/w on the
real servers shud be the vritual ip on the LB.
Normally, CISCO and Intel LBs would respond for an arp
query for their virtual ips - a reason arp entry
need'nt be given on the PIX.
If MS suggests that arp entry be there, PIX supports
fixing the MAC address using the arp command.
Regds.
__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger.
http://im.yahoo.com
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
