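This page is an excerpt and archive of the corresponding thread on mitbbs (未名空间); posts less than a week old show at most 50 characters, and older posts show up to 500.
EmergingNetworking board - A Cisco question for the experts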
w*****r
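Posts: 89
1
On NetScreen, iptables, and countless low-end firewalls
you can do one simple thing:
point multiple public IPs at the same private IP.
But on the Cisco ASA, this high-end firewall,
say I have already mapped pub1 to private1;
when I then try to point pub2 at private1, the system refuses, saying private1 is already NATed with pub1.
I called Cisco, and they also said it can't be done.
Damn, such a simple thing and it can't be done?
Frustrated.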
w*****r
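Posts: 89
2
damn it
In the end I solved it on the Foundry load balancer side.
If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
The problem is that I need to NAT to a VIP.
I called Foundry and found a workaround.
Damn, why doesn't Cisco support such an easy little feature?

[Quoting w*****r's post:]
: On NetScreen, iptables, and countless low-end firewalls
: you can do one simple thing:
: point multiple public IPs at the same private IP.
: But on the Cisco ASA, this high-end firewall,
: say I have already mapped pub1 to private1;
: when I then try to point pub2 at private1, the system refuses, saying private1 is already NATed with pub1.
: I called Cisco, and they also said it can't be done.
: Damn, such a simple thing and it can't be done?
: Frustrated.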

b******e
Posts: 66
3
Not clear about your requirement, but how DNS is coming into picture here? no
matter how many millions domains are mapped to this IP address, to routers/
ASAs it is just another IP address.

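[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?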

z**r
Posts: 17771
4
sure pat can work, your case is a simple case for a wildcard vip + pat

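[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?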

z**r
Posts: 17771
5
different vendors give NAT different definitions, a lot of them call NPAT as
NAT for the sake of convenience and confusion, Cisco calls NAT as NAT and NPAT
as PAT. You cannot just map the 2 addresses, I mean, the real NAT, to one
single IP, you have to always use PAT, this is the standard

[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?

z**r
Posts: 17771
6
why complain? because it should not be allowed, refer to post 1107

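[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?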

j****r
Posts: 30
7
I was wrong.
You can use the Internet router to do the PAT as workaround.

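[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?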

w*****r
Posts: 89
8
maybe my understanding of pat is not right
need to read to get more accurate definition about it.
My understanding was:
pat:
addressA:801 ----> private_addressA1:80
addressA:802 ---->private_AddressA2:80
or sth like that
can you point both addressA:80 and addressB:80 to the same
private_address:80?
well, this is not for the purpose of my original post already,
just to discuss

[Quoting z**r's post:]
: sure pat can work, your case is a simple case for a wildcard vip + pat

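Added example, not part of the original thread and not vendor code: a small Python model of the distinction the posts above argue about, a one-to-one bidirectional static NAT table versus destination translation that keeps a per-connection table. Class names and all addresses are constructed for illustration.

```python
# Constructed model for illustration; addresses are documentation samples.
class StaticNat:
    """One-to-one bidirectional NAT: inbound rewrites dst, outbound rewrites src."""
    def __init__(self):
        self.pub_to_priv, self.priv_to_pub = {}, {}

    def add(self, pub, priv):
        # Outbound traffic needs exactly one public address per private
        # address, so a second mapping for the same private address is refused.
        if priv in self.priv_to_pub:
            raise ValueError(f"{priv} already mapped to {self.priv_to_pub[priv]}")
        self.pub_to_priv[pub], self.priv_to_pub[priv] = priv, pub

class DestNat:
    """Inbound-only destination translation with a per-connection table."""
    def __init__(self):
        self.rules = {}  # (pub_ip, pub_port) -> (priv_ip, priv_port)
        self.conns = {}  # (client_ip, client_port, priv_ip, priv_port) -> (pub_ip, pub_port)

    def add(self, pub, pub_port, priv, priv_port):
        self.rules[(pub, pub_port)] = (priv, priv_port)

    def inbound(self, client, cport, dst, dport):
        priv, pport = self.rules[(dst, dport)]
        # Remember which public address this flow arrived on. A client reusing
        # the same source port toward both public addresses is not modelled.
        self.conns[(client, cport, priv, pport)] = (dst, dport)
        return (client, cport, priv, pport)

    def reply(self, priv, pport, client, cport):
        # Restore the reply's source from the connection entry, so several
        # public addresses can share one private address without ambiguity.
        pub, pub_port = self.conns[(client, cport, priv, pport)]
        return (pub, pub_port, client, cport)

def demo():
    static = StaticNat()
    static.add("203.0.113.10", "10.0.0.5")
    try:
        static.add("203.0.113.11", "10.0.0.5")
        refused = False
    except ValueError:
        refused = True
    dnat = DestNat()
    dnat.add("203.0.113.10", 80, "10.0.0.5", 80)
    dnat.add("203.0.113.11", 80, "10.0.0.5", 80)
    dnat.inbound("198.51.100.7", 40000, "203.0.113.10", 80)
    dnat.inbound("198.51.100.8", 40001, "203.0.113.11", 80)
    return (refused, dnat.reply("10.0.0.5", 80, "198.51.100.7", 40000),
            dnat.reply("10.0.0.5", 80, "198.51.100.8", 40001))
```
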
z**r
Posts: 17771
9
check out PAT

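[Quoting w*****r's post:]
: On NetScreen, iptables, and countless low-end firewalls
: you can do one simple thing:
: point multiple public IPs at the same private IP.
: But on the Cisco ASA, this high-end firewall,
: say I have already mapped pub1 to private1;
: when I then try to point pub2 at private1, the system refuses, saying private1 is already NATed with pub1.
: I called Cisco, and they also said it can't be done.
: Damn, such a simple thing and it can't be done?
: Frustrated.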

j****r
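Posts: 30
10
Outside NAT should work on Cisco.

[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?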

w*****r
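Posts: 89
11
damn it
In the end I solved it on the Foundry load balancer side.
If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
The problem is that I need to NAT to a VIP.
I called Foundry and found a workaround.
Damn, why doesn't Cisco support such an easy little feature?

[Quoting w*****r's post:]
: On NetScreen, iptables, and countless low-end firewalls
: you can do one simple thing:
: point multiple public IPs at the same private IP.
: But on the Cisco ASA, this high-end firewall,
: say I have already mapped pub1 to private1;
: when I then try to point pub2 at private1, the system refuses, saying private1 is already NATed with pub1.
: I called Cisco, and they also said it can't be done.
: Damn, such a simple thing and it can't be done?
: Frustrated.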

z**r
Posts: 17771
12
different vendors give NAT different definitions, a lot of them call NPAT as
NAT for the sake of convenience and confusion, Cisco calls NAT as NAT and NPAT
as PAT. You cannot just map the 2 addresses, I mean, the real NAT, to one
single IP, you have to always use PAT, this is the standard

[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?

b******e
Posts: 66
13
Have you tried the following simple two lines of configuration:
global (inside) 1 192.168.1.1 <---- your private IP address
nat (outside) 1 92.68.1.0 255.255.255.0 <--- your public IP addresses
To the firewall it really does not care public or private addresses, it can
do any kind of address translation.

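[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?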

w*****r
Posts: 89
14
I need to "static" nat two public ip to the same internal ip.
it won't allow me for the second nat, complaining that private
ip already been static natted with another ip.
anyways, found ways to work it around.

[Quoting j****r's post:]
: Outside NAT should work on Cisco.

z**r
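Posts: 17771
15
What exactly are you trying to do? Explain your application clearly.

[Quoting w*****r's post:]
: damn it
: In the end I solved it on the Foundry load balancer side.
: If it were NAT to a single machine, that's easy: just add an alias IP to the machine.
: The problem is that I need to NAT to a VIP.
: I called Foundry and found a workaround.
: Damn, why doesn't Cisco support such an easy little feature?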

w*****r
Posts: 89
16
there are some more twist in the vip to prevent a wildcard vip,
for example, we don't just load balance port 80, hehe
anyways, I did similar things
made up two vips with same server pool
and nat each of them to a public ip.
only thing is even to do that, the load balancer prevent two vip
with same server farm bind to them at the same time.
have to play some tricks over there.
some cheap low level equipments were really easy, just make up
two rules with same static nat, or bind same real servers

[Quoting z**r's post:]
: What exactly are you trying to do? Explain your application clearly.

z**r
Posts: 17771
17
why complain? because it should not be allowed, refer to post 1107

[Quoting w*****r's post:]
: there are some more twist in the vip to prevent a wildcard vip,
: for example, we don't just load balance port 80, hehe
: anyways, I did similar things
: made up two vips with same server pool
: and nat each of them to a public ip.
: only thing is even to do that, the load balancer prevent two vip
: with same server farm bind to them at the same time.
: have to play some tricks over there.
: some cheap low level equipments were really easy, just make up
: two rules with same static nat, or bind same real servers

w*****r
Posts: 89
18
yeah, my point is, why they try to make things so hard
why complain?
just allow those things, what's the harm?

[Quoting z**r's post:]
: why complain? because it should not be allowed, refer to post 1107

z**r
Posts: 17771
19
check out PAT

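[Quoting w*****r's post:]
: On NetScreen, iptables, and countless low-end firewalls
: you can do one simple thing:
: point multiple public IPs at the same private IP.
: But on the Cisco ASA, this high-end firewall,
: say I have already mapped pub1 to private1;
: when I then try to point pub2 at private1, the system refuses, saying private1 is already NATed with pub1.
: I called Cisco, and they also said it can't be done.
: Damn, such a simple thing and it can't be done?
: Frustrated.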

w*****r
Posts: 89
20
there are some more twist in the vip to prevent a wildcard vip,
for example, we don't just load balance port 80, hehe
anyways, I did similar things
made up two vips with same server pool
and nat each of them to a public ip.
only thing is even to do that, the load balancer prevent two vip
with same server farm bind to them at the same time.
have to play some tricks over there.
some cheap low level equipments were really easy, just make up
two rules with same static nat, or bind same real servers

[Quoting z**r's post:]
: check out PAT

z**r
Posts: 17771
21
easy to solve this problem, a simple policy based wildcard vip serves you
perfectly
your work around does NOT scale, use mine, hoho

[Quoting w*****r's post:]
: there are some more twist in the vip to prevent a wildcard vip,
: for example, we don't just load balance port 80, hehe
: anyways, I did similar things
: made up two vips with same server pool
: and nat each of them to a public ip.
: only thing is even to do that, the load balancer prevent two vip
: with same server farm bind to them at the same time.
: have to play some tricks over there.
: some cheap low level equipments were really easy, just make up
: two rules with same static nat, or bind same real servers
