Hi,
Our NAT problem is a strange one. The scenario is as follows:

We are migrating 50 servers to a new building; these are mission and business critical. IT have decided to implement multiple VLANs to improve security. We have decided to migrate servers to new VLANs whilst in their current location, so we are simply altering the IP address etc. and altering the switchport VLAN membership. Once all servers are re-addressed we will decommission the VLAN and re-create it at the new building, then move the servers.

We have implemented NAT on the core switches to ensure our Wyze terminals can connect to our Citrix farm on its old address once it has been moved. Our problems stem from authentication through the NAT. Sometimes when I ping a migrated server on the old address, the ping will say 'Reply from' the old address, where it should be replying from the new address. I believe this situation is affecting the netlogon header and resulting in authentication failures; where no authentication is required, i.e. anonymous IIS access, there are no problems.

Now sometimes the 'Reply from' address will alter with no warning: still 100% success, but it just says 'Reply from' the old address as it's being NAT'd correctly. If you use a ping -t you sometimes catch it changing!

We are using static NAT statements for each server. Debugs on the switch show nothing. I've tried removing other possible areas of failure such as the ARP cache, but with no success.

Any ideas before I go mental?
Thanks in advance.
jrb
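The check jrb describes doing by eye with ping -t (watching the 'Reply from' address flip between the old and new server address) can be done mechanically. The script below is an added illustration and is not part of the post above: it parses Windows ping output, records every probe at which the reply source changes, and counts replies that came back from an address other than the one pinged, which is exactly the sign that a reply bypassed the static translation. The sample output and the addresses 10.1.1.50 (old, NAT'd address) and 10.2.2.50 (new address on the migrated VLAN) are constructed for the example and are not from the thread.

```python
"""Flag 'Reply from' address flips in Windows ping -t output.

Added example for the NAT thread above; not the poster's code. Sample
output and addresses are constructed (10.1.1.50 = old/NAT'd address,
10.2.2.50 = new address on the migrated VLAN).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Header line: "Pinging host [ip] with 32 bytes of data:" (the [ip] part is
# present only when a hostname was given).
PING_TARGET_RE = re.compile(
    r"^Pinging (\S+?)(?: \[(\d+\.\d+\.\d+\.\d+)\])? with \d+ bytes of data:$"
)
REPLY_RE = re.compile(
    r"^Reply from (\d+\.\d+\.\d+\.\d+): bytes=\d+ time[=<]\d+ms TTL=\d+$"
)
TIMEOUT_RE = re.compile(r"^Request timed out\.$")


@dataclass
class Flip:
    seq: int        # 1-based probe number at which the reply source changed
    previous: str   # address the previous reply came from
    current: str    # address this reply came from


@dataclass
class PingReport:
    target: Optional[str]
    flips: List[Flip] = field(default_factory=list)
    replies: Dict[str, int] = field(default_factory=dict)  # source -> count
    timeouts: int = 0

    def untranslated(self) -> int:
        """Replies whose source is not the address we pinged.

        Through a working static NAT every reply should carry the address
        we sent to; anything else reached us without being translated.
        """
        return sum(n for addr, n in self.replies.items() if addr != self.target)


def analyse_ping(lines, target: Optional[str] = None) -> PingReport:
    """Walk ping output line by line and build a PingReport.

    The target is taken from the 'Pinging ...' header unless given
    explicitly. Timeouts advance the probe counter but do not reset the
    last-seen source, so a flip across a timeout is still reported.
    """
    report = PingReport(target=target)
    last: Optional[str] = None
    seq = 0
    for raw in lines:
        line = raw.strip()
        m = PING_TARGET_RE.match(line)
        if m:
            if report.target is None:
                report.target = m.group(2) or m.group(1)
            continue
        if TIMEOUT_RE.match(line):
            seq += 1
            report.timeouts += 1
            continue
        m = REPLY_RE.match(line)
        if not m:
            continue  # statistics lines, blank lines, etc.
        seq += 1
        src = m.group(1)
        report.replies[src] = report.replies.get(src, 0) + 1
        if last is not None and src != last:
            report.flips.append(Flip(seq, last, src))
        last = src
    return report


# Constructed sample of what 'ping -t 10.1.1.50' might show while the
# translation misbehaves: two replies from the NAT'd address, then two
# from the untranslated new address, then back again.
SAMPLE_OUTPUT = [
    "Pinging 10.1.1.50 with 32 bytes of data:",
    "Reply from 10.1.1.50: bytes=32 time<1ms TTL=128",
    "Reply from 10.1.1.50: bytes=32 time=1ms TTL=128",
    "Reply from 10.2.2.50: bytes=32 time<1ms TTL=128",
    "Request timed out.",
    "Reply from 10.2.2.50: bytes=32 time<1ms TTL=128",
    "Reply from 10.1.1.50: bytes=32 time<1ms TTL=128",
]


if __name__ == "__main__":
    rep = analyse_ping(SAMPLE_OUTPUT)
    print(f"target {rep.target}: {rep.untranslated()} untranslated replies, "
          f"{rep.timeouts} timeouts")
    for f in rep.flips:
        print(f"probe {f.seq}: reply source changed {f.previous} -> {f.current}")
```

To use it on a live capture, redirect ping -t output to a file (ping -t 10.1.1.50 > ping.log) and feed the file's lines to analyse_ping; any non-zero untranslated() count with a static NAT in place is worth taking to the switch vendor, since the probe numbers tell you exactly when the translation was skipped.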