I'm mid-upgrade on one of these routers, and 3Com wants to charge almost as much per-incident as the router cost. Sigh.
What needs to happen, in the end, is to NAT our private 192.168.100.0/24 block for our client machines, assign all the webservers IPs from the 69.89.12.0/24 (changed to protect the innocent) block, and pass traffic to/from the servers directly, without NAT.
What happens when I try to get things working without NAT is... nothing. The (simplified) config looks like this:
#
 firewall default deny
#
acl number 2001
 rule 0 permit source 192.168.100.0 0.0.0.255
 rule 1 permit source 69.89.12.0 0.0.0.255
#
interface Ethernet1/0
 ip address 69.89.12.1 255.255.255.0
 ip address 192.168.100.251 255.255.255.0 sub
 vrrp vrid 1 virtual-ip 192.168.100.254
 vrrp vrid 1 preempt-mode timer delay 5
 vrrp vrid 1 timer advertise 5
 vrrp vrid 2 virtual-ip 192.168.100.253
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 5
 vrrp vrid 2 timer advertise 5
 vrrp vrid 2 track Ethernet2/0 reduced 30
 vrrp authentication-mode md5 $NB!>=XG3FKQ=^Q`MAF4<1!!
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface Ethernet1/3
#
interface Ethernet1/4
#
interface Ethernet2/0
 speed 10
 duplex full
 ip address 207.179.1.14 255.255.255.0
 firewall packet-filter 2001 outbound
I can get it working with NAT, but how do I get it to forward the damn server traffic without NAT? God, these routers are a pain.