Re: fun problem - possibly not possible

["Brian Loe" <knobdy () gmail com>]

On 3/24/06, Paul Melson <pmelson () gmail com> wrote:
> -----Original Message-----
> Subject: Re: [fw-wiz] fun problem - possibly not possible
> What protocol(s) are you using Network Dispatcher for?  I'm not sure I
> understand why 1) Network Dispatcher has to reference the other servers by
> their public addresses and not their DMZ addresses and 2) why you've got the
> firewall doing NAT for the servers you're trying to load balance with
> Network Dispatcher.

The reason I have to do it that way is because I'm not an AIX
administrator and those that are say this is how it has to be - and I
guess they're not real motivated to investigate other methods. This
will be a serious issue for them in the near future, however, since if
we stay with the AIX software solution (as opposed to a BigIP or CSS
appliance) they're going to have to figure out how to do it "right" -
so we can start NATing everything. If you know the software, can you
point me in the direction of documentation on how to set this type of
thing up? I've querried the IBM site some and come up empty (though
considering their attitudes, I didn't bother getting too involved in
it).

> If you were doing this with almost anything other than a PIX, this would
> probably work the way you have it configured.  But since a PIX won't route
> or NAT across the same interface, it doesn't work.  That said, I don't think
> you need it configured that way in order for this to work.

Agreed, but thats a plus, right? I mean, other devices are just adding
automatically what I'm missing here, right? I'm sure there's still a
way to do it with a PIX - the alias command and a route perhaps?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards