CSM nat client sample config
Hi
We have one pair of CSM configured in bridge mode.
The user wants the servers to be able to access the VIP also.
Understand one solution is to use NAT client.
Anyone got a working config on NAT client for bridge mode?
Thanks!
natpool ....
serverfarm from-server2server
nat server
nat client
real x.x.x.x
ins
real x.x.x.x
ins
vserver from-server2server
vip x.x.x.x tcp
vlan
serverfarm from-server2server
ins
That's it.
Any question, let me know.
Regards,
Gilles.
Thanks for rating this answer.
Similar Messages
-
Revision: 13477
Author: [email protected]
Date: 2010-01-13 05:17:10 -0800 (Wed, 13 Jan 2010)
Log Message:
Bug: BLZ-455 - Document client-load-balancing property in the sample config
QA: No
Doc: No
Ticket Links:
http://bugs.adobe.com/jira/browse/BLZ-455
Modified Paths:
blazeds/trunk/resources/config/services-config.xml
-
So I have been trying to set up trunking (got that done and tested) on a pair of CSS 11503's and now I would like to set up ASR, VR and VIP redundancy to fail over between them. Does anyone have any samples of how to do this with all public IPs? All the Cisco docs are for NAT'd configurations, which we do not run; everything would be public.
Right now management of the CSS is done over vlan100 but the servers are in vlan150, different subnets obviously. However, what is messing me up is that the docs all say to use outside public IPs and inside for the servers. I only have public IPs and don't have time to change anything to a NAT... any help would be great.
Actually, let me append my previous comment with a question.
Since I am trunking up (to my 6509s) and down (to various switches)... what should my default route be on the CSS's?
I have 2 VLANs right now
vlan 10
ip address 192.168.10.10 255.255.255.240
vlan 20
ip address 192.168.11.11 255.255.255.224
in my global however I am using
ip route 0.0.0.0 0.0.0.0 192.168.10.1 1
10.1 btw is a virtual (HSRP address) on my 6509's
11.1 would be the virtual (HSRP address) on my 6509's for vlan20 etc..
So yes, my previous statement about the gateways for my web servers pointing to the CSS is true (redundant int). However, if I have other servers on my switches that are not in the LB's groups and I point those servers to my HSRP virtual for vlan20's 11.1, I cannot ping it... so what are my options, because I would rather not change gateways on some of the other machines that won't be load balancing.
I noticed in the trunking sample config the global had no route, but when I removed it, I couldn't get to anything (of course).
Thanks again
-
Hi, Is there a Flex/Air Mail Client sample demo application (with source code) like the GWT one -- http://gwt.google.com/samples/Mail/Mail.html --
Thank you for your help
No.
-
Hi
Does anyone have a sample config for standalone Cisco AP1252 (Cisco IOS) for AD Authentication for wireless ?
Appreciated your kind reply.
The short version :
in config terminal mode :
-radius-server host auth-port 1812 acct-port 1813 key 0
-aaa authentication dot1x eap_methods group radius
Then you need to configure your ssid for dot1x :
-dot11 ssid
-authentication open eap eap_methods
-authentication network-eap eap_methods
This is only the part needed for radius interaction. This assumes that you already configured your SSID with according WPA settings.
That's about it I think.
If you want info about more commands or so, just check out this link :
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap11-authtypes.html#wp1002608
-
I'm looking for a sample config for a IPS IDSM-2. I've been reviewing the configuration manual and love the excruciating detail, but would like to work from a sample config. Maybe just the basics to get started and then I can add stuff in later.
Any samples would be most appreciated.
Thanks,
Mike
You need to decide the mode you want to run your IPS in? Promiscuous, Inline (VLAN/Interface pair) ?
Here are two examples from CCO:
https://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_example09186a0080876d9f.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml
Regards
Farrukh
-
Hi,
On CSM Client >device> Access rules is showing the old config and not showing the active running config, whereas tools>preview configuration shows me the running config.
How do I make the CSM client show the running config?
Thanks.
Raj;
When managing devices with CSM, it is expected that all configuration changes made to the device are made via CSM. Any changes made via PuTTY will not be reflected within CSM without first re-discovering the device's policies.
The screenshot does not indicate a specific error, only that policy objects already present in CSM were re-used with this device. For the yellow triangle items, you will need to highlight each item and reference the matching description pane. But from the overall status, the discovery was completed successfully with three warnings.
Thanks,
Scott
-
Hi,
Can someone help me with a sample configuration for ACE20?
Rgds....Partha Acharya
Here is a copy of my lab config.
switch/User1# sho run
Generating configuration....
logging enable
logging buffered 7
access-list PERMIT_ANY line 10 extended permit ip any any
access-list app line 10 extended permit ip host 192.168.20.41 any
probe http ACECFG-http
interval 5
faildetect 2
passdetect interval 10
request method get url /index.html
expect status 200 299
probe ftp ftp_probe
interval 10
passdetect interval 10
expect status 0 999
open 5
parameter-map type connection REPL
parameter-map type connection TCP
rserver host 20.20.20.20
ip address 20.20.20.20
inservice
rserver host REFLECTOR-10
ip address 192.168.60.10
inservice
rserver host REFLECTOR-11
ip address 192.168.60.11
inservice
rserver host REFLECTOR-12
ip address 192.168.60.12
inservice
rserver host REFLECTOR-13
ip address 192.168.60.13
inservice
rserver host REFLECTOR-14
ip address 192.168.60.14
inservice
rserver host REFLECTOR-15
ip address 192.168.60.15
inservice
rserver host linux1-48
ip address 192.168.30.48
rserver host linux2
ip address 192.168.20.41
inservice
serverfarm host 20.20.20.20
rserver 20.20.20.20
inservice
serverfarm host REFLECTOR
predictor leastconns
rserver REFLECTOR-10
weight 1
inservice
rserver REFLECTOR-11
weight 1
inservice
rserver REFLECTOR-12
weight 1
inservice
rserver REFLECTOR-13
weight 1
inservice
rserver REFLECTOR-14
weight 1
inservice
rserver REFLECTOR-15
weight 1
inservice
rserver linux1-48
inservice
serverfarm host linux2
failaction purge
probe ACECFG-http
rserver linux2
inservice
serverfarm host linux2-ftp
probe ftp_probe
rserver linux2 21
inservice
sticky ip-netmask 255.255.255.255 address source STICKY-REFLECTOR
replicate sticky
serverfarm REFLECTOR
class-map match-all NAT
2 match access-list app
class-map type http loadbalance match-all URL
2 match http url .*
class-map match-all VIP-250-80
2 match virtual-address 192.168.100.250 tcp eq www
class-map match-all VIP-250-ftp
2 match virtual-address 192.168.100.250 tcp eq ftp
class-map match-any VIP-REFLECTOR-254
2 match virtual-address 192.168.100.254 tcp eq www
policy-map type management first-match ALLOW
class class-default
permit
policy-map type loadbalance first-match 20.20.20.20
class class-default
serverfarm 20.20.20.20
policy-map type loadbalance first-match LB_linux2
class class-default
serverfarm linux2
policy-map type loadbalance first-match REFLECTOR
class class-default
sticky-serverfarm STICKY-REFLECTOR
policy-map type loadbalance first-match ftp-linux2
class class-default
serverfarm linux2-ftp
policy-map multi-match NAT1
class NAT
nat dynamic 1 vlan 100
policy-map multi-match SLB-REFLECTOR
class VIP-REFLECTOR-254
loadbalance vip inservice
loadbalance policy REFLECTOR
loadbalance vip icmp-reply
policy-map multi-match SLB1
class VIP-250-80
loadbalance vip inservice
loadbalance policy 20.20.20.20
loadbalance vip icmp-reply
class VIP-250-ftp
loadbalance vip inservice
loadbalance policy ftp-linux2
loadbalance vip icmp-reply
inspect ftp
service-policy input ALLOW
interface vlan 20
ip address 192.168.20.253 255.255.255.0
mac-sticky enable
access-group input PERMIT_ANY
service-policy input SLB1
no shutdown
interface vlan 100
ip address 192.168.100.2 255.255.255.0
alias 192.168.100.1 255.255.255.0
peer ip address 192.168.100.3 255.255.255.0
access-group input PERMIT_ANY
nat-pool 1 192.168.100.240 192.168.100.245 netmask 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.100.9
ip route 192.168.100.4 255.255.255.255 192.168.100.9
ip route 171.69.146.79 255.255.255.255 192.168.20.41
ip route 192.168.30.0 255.255.255.0 192.168.20.37
ip route 20.20.20.20 255.255.255.255 192.168.20.41
-
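An added example (not part of the original post and not Cisco tooling): a small Python check that reads an ACE-style running config such as the lab config above and reports where a permit-everything ACL or management policy is actually applied, which is worth reviewing before a lab config is reused elsewhere. The sample text is constructed from lines of that config, and the function name `audit` is hypothetical.

```python
import re

# Excerpt constructed from the lab config above. The parser strips leading
# whitespace and tracks context by keyword, so flat or indented input works.
SAMPLE = """\
access-list PERMIT_ANY line 10 extended permit ip any any
access-list app line 10 extended permit ip host 192.168.20.41 any
policy-map type management first-match ALLOW
class class-default
permit
policy-map type loadbalance first-match LB_linux2
class class-default
serverfarm linux2
service-policy input ALLOW
interface vlan 20
access-group input PERMIT_ANY
service-policy input SLB1
interface vlan 100
access-group input PERMIT_ANY
"""

def audit(config):
    """Return (scope, issue) pairs for permit-everything rules that are applied."""
    open_acls, open_mgmt, findings = set(), set(), []
    mgmt_policy = cls = None
    scope = "global"  # assumption: global service-policy lines precede interfaces
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"access-list (\S+) line \d+ extended permit ip any any", line):
            open_acls.add(m[1])
        elif line.startswith("policy-map "):
            # Only management policy-maps are tracked; any other type resets context.
            m = re.fullmatch(r"policy-map type management \S+ (\S+)", line)
            mgmt_policy, cls = (m[1] if m else None), None
        elif line.startswith("class "):
            cls = line.split()[1]
        elif line == "permit" and mgmt_policy and cls == "class-default":
            open_mgmt.add(mgmt_policy)
        elif m := re.fullmatch(r"interface (vlan \d+)", line):
            scope, mgmt_policy = m[1], None
        elif m := re.fullmatch(r"access-group input (\S+)", line):
            if m[1] in open_acls:
                findings.append((scope, f"ACL {m[1]} permits ip any any"))
        elif m := re.fullmatch(r"service-policy input (\S+)", line):
            if m[1] in open_mgmt:
                findings.append((scope, f"management policy {m[1]} permits class-default"))
    return findings

if __name__ == "__main__":
    for scope, issue in audit(SAMPLE):
        print(f"{scope}: {issue}")
```

An ACL or policy that is defined but never applied is not reported, so the output lists only the places where the open rule takes effect.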
Cisco Jabber Client - QoS Config
Hi Guys,
I'll be deploying the new Jabber client for a customer and I'm unsure of what QoS to configure on the switch ports for end users. Users will also have 7942 handsets, so if I configure auto qos voip cisco-phone, I doubt this will protect the voice/video for Jabber.
Has anyone got any config or tips they can share?
Cheers,
James
Hi,
I believe you can use "auto qos voip cisco-softphone"
Please see below QOS SRND.
http://www.cisco.com/univercd/cc/td/doc/solution/esm/qossrnd.pdf
Regards
Ronak
-
RMI - NAT - Client within the LAN and outside the LAN
I'm having an RMI server in a machine within a LAN with the private IP 10.XX.XX.XX and a NAT with the public IP 196.XX.XX.XX.
I am using the property: java.rmi.server.hostname to 196.XX.XX.XX. The server is behind a NAT machine.
Everything works fine when the client is outside the LAN, but when the client is within the LAN it fails to look up the server (of course it would work fine if I omit the java.rmi.server.hostname property or set it to the server IP, but then I cannot work with a client outside the LAN).
To conclude, my question is how I can work with both clients simultaneously (one within the LAN and one outside the LAN)?
Most firewalls block access from inside the network to the external IP address (10.x.x.x to 196.x.x.x) as this approach could also be used by an attacker masquerading as a local network computer.
You're going to need to make sure that all your internal computers do not go via your firewall to get to the server.
You can either add a route to the server on the internal client machines overriding the default routing table or you can use your public domain name instead of the IP address. Then change your internal DNS configuration (if you use one) to point internal users to the local IP address instead.
-
CSM + multiple client vlan
If a CSM has more than one client VLANs, connected to different routers, how does CSM decide what path to take when server initiate a connection? in other words is there a way to associate server vlan(s) to client vlan?
The term client vlan actually represents an interface between the CSM and the 6500's L2 and L3 vlan.
If you have multiple routers connecting to your 6500, they will be associated with VLAN(s) on the 6500 as any other VLAN is... you define the balanced servers' default gateway as the alias address within the server VLAN defined on the CSM... the CSM then forwards this to the gateway defined on the CSM client VLAN, which is also the 6500's L3 interface. The 6500 then uses its own routing table to define where the next hop for this destination is.
Hope this helps
Steve
-
CSM-S SSL daughtercard config sync
Hi there,
First Question
Is it possible to do a config sync for the CSM-S SSL daughtercard? On the SSL daughtercard of the standby CSM there is no config.
Second Question
How can we build up a redundant configuration (FT) with the CSM-S SSL daughtercard?
In our actual configuration the CSM works in active - standby mode.
Thanks a lot
Dirk Barnekow
No, you cannot config sync for the CSM-S SSL daughtercard
-
OD managed client proxy-config
Hello all,
we created at the OD-server (OSX 10.5.8) a computergroup for our
managed clients (OSX 10.6.2).
Some configs work correctly, e.g. dock-config (ID com.apple.dock).
But the proxy-config (ID com.apple.SystemConfiguration)
wasn't executed at the client.
The client keeps former proxy-entries.
Is this an error or because of forward reverse proxy?
Thanks! Wolfgang
Hi
I have seen this before a number of times and only on Intel iMacs, old and new. All I can put it down to is a possible screen corruption at the Login Window? Perhaps a rogue or damaged/corrupted font? It may also have something to do with how the setting is being applied locally which might be conflicting with the Managed Preferences applied from the Server?
I have also seen it initially with an OD Master/Replica pair.
For me it tends to disappear after a while or if you click the back button or restart. It might be a timing issue with whatever is providing the routing? Perhaps the NTP Server? If you're in a position you could investigate the Switch or Router? Perhaps replace one or the other or both (temporarily) to see if things change?
Tony
-
Hello,
I wish to connect to an enterprise level wireless network. To connect requires client-side advanced settings. I believe there must be a config file located somewhere where I can vi the required settings, but as of now I am unable to locate the file.
Can you help point me to the wireless config file location on Tiger? I have explored all the gui AirPort settings which do not provide the settings I need to configure.
Thanks for your help.
Mac OS X (10.4.9)
Sorry, wasn't paying attention and posted this in the windows group, when it's a Mac question. If you do know the answer feel free.
-
[CGSE] nat 0 working config
Hi, All:
Can someone provide a working config for a CGSE that implements NAT44 for traffic-A (src-A-privateAdd to any) and does NAT bypass (nat0) for traffic-B (src-B-publicAdd to any)? Can you implement it simultaneously on the same CGN card and same inside interface?
I read the configuration guide and from the only example it is not clear to me: the fact that they use 0.0.0.0/0 as the address-pool makes me assume that traffic should retain its own src-ip address, but it is not clear to me how I could do both at the same time on same card and same (only) inside interface/vrf.
Thanks!
c.
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-2/cg-nat/configuration/guide/b_cgnat_cg52xasr9k/b_cgnat_cg52xasr9k_chapter_011.html#reference_956F69C110A54DC3BD998D9395C062B8
service cgn cgn1
service-location preferred-active 0/2/CPU0
service-type nat44 nat1
inside-vrf Inside_1
map outside-vrf ovrf outsideServiceApp ServiceApp2 address-pool 0.0.0.0/0
nat-mode no-nat
Hi Jouni,
I went down this route -
object-group network DYNAMIC-PAT-SOURCE
network-object 192.168.127.0 255.255.255.0
network-object 192.168.128.0 255.255.255.0
nat (any,outside) after-auto source dynamic DYNAMIC-PAT-SOURCE interface
and it worked! What is this part of the command actually doing - after-auto source dynamic ? Also at the end of the command there is the interface word. How does this know to use the Outside interface?
Thanks