get PIX translate Source AND Destination addresses

Discussion in 'Cisco' started by ct.beuger, Aug 6, 2004.

  1. ct.beuger

    ct.beuger Guest

    We have two ISP’s, two PIXes, two web servers and one big problem.

    In the sketch I’ve drawn the network.
    Both servers run Citrix and IIS that needs to be accessible from outside.
    PIXa is for both servers the default gateway.
    The PIX and the Linux box do address translation. The PIX rewrites
    the destination addresses, the Linux the destination and the source
    address.

    When ISPa is unavailable we update only the DNS entries for our servers
    and people connect to us over ISPb.

    The Linux box will be replaced by a PIX.
    Is there a way to full NAT a connection so that the requests to
    the server seem to be coming from PIXb instead of the actual client?

    Tanks in advance,

    Chris

    +--------------------------------------------------------+
    | Internet / |
    |. ,'-. |
    | '---. _.--' `. |
    | `-----+------'' ,`-.----------. |
    | ,--------+--. ( ISPb ) |
    | ( ISPa ) `------------+' |
    | `-------+---' __,,....------------.....__| |
    | |,.--'' LAN |`'--..__ |
    | _.-''| | `-.|
    | ,-' ++-----+ +-+-----+ |
    |,' | PIXa ........|..............|... linux | |
    | +------+ | | +-------+ |
    | | | |
    | | | |
    | +----------+-+ ++-----------+ |
    | | ServerA | | ServerB | |
    |`._ | | | | |
    | `._ +------------+ +------------+ |
    | `-.._ _,.-'|
    | `'--...__ ___..--'' |
    | `''''------------''''' |
    +--------------------------------------------------------+

    (An other approach to redundant internet connection is welcome BTW)
    ct.beuger, Aug 6, 2004
    #1
    1. Advertising

  2. ct.beuger

    Hansang Bae Guest

    In article <>,
    says...
    [snip]
    >
    > +--------------------------------------------------------+
    > | Internet / |
    > |. ,'-. |
    > | '---. _.--' `. |
    > | `-----+------'' ,`-.----------. |
    > | ,--------+--. ( ISPb ) |
    > | ( ISPa ) `------------+' |
    > | `-------+---' __,,....------------.....__| |
    > | |,.--'' LAN |`'--..__ |
    > | _.-''| | `-.|
    > | ,-' ++-----+ +-+-----+ |
    > |,' | PIXa ........|..............|... linux | |
    > | +------+ | | +-------+ |



    Sorry, I can't help you with the pix. But quick question..you'r using
    PAN so I'm assuming you're on Linux. What did you use to draw the ascii
    art above?


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Aug 7, 2004
    #2
    1. Advertising

  3. Richard Sanderson, Aug 7, 2004
    #3
  4. ct.beuger

    ct.beuger Guest

    On Sat, 07 Aug 2004 03:47:11 +0000, Hansang Bae wrote:

    > In article <>,
    > says...
    > [snip]
    >>
    >> +--------------------------------------------------------+

    [knip]
    >> | +------+ | | +-------+ |

    >
    >
    > Sorry, I can't help you with the pix. But quick question..you'r using
    > PAN so I'm assuming you're on Linux. What did you use to draw the ascii
    > art above?


    The ASCII art is made with jave (jave.de). It’s in java so cross platform.
    Actually I run PAN under Windows.
    ct.beuger, Aug 9, 2004
    #4
  5. ct.beuger

    Hansang Bae Guest

    In article <>,
    says...
    > The ASCII art is made with jave (jave.de). Itâ¤=3Fs in java so cross platform.
    > Actually I run PAN under Windows.


    Thanks. I actually looked around and found "Email Effects" Pretty
    decent. ASCEditor4 isn't too bad either once you get used to its
    quirks. Didn't know pan run under windows. I'm always looking for a
    good newsreader (Gravity's pretty decent)....Thanks for the update
    though.


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Aug 10, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Keith B.
    Replies:
    4
    Views:
    633
    shope
    Jan 30, 2004
  2. Dave
    Replies:
    0
    Views:
    1,584
  3. Replies:
    1
    Views:
    8,731
    Phillip Remaker
    May 11, 2005
  4. Replies:
    1
    Views:
    5,682
    mcaissie
    Aug 31, 2006
  5. 1388-2/HB

    Source and destination NAT

    1388-2/HB, Jun 26, 2007, in forum: Cisco
    Replies:
    4
    Views:
    1,015
    usenet
    Jul 4, 2007
Loading...

Share This Page