One ftp server, 3 internet IP

Hi,

My question is a bit tricky, I need your points on this.

First, please have a look at the small diagram I've posted there.

What is missing from the "Red Line" to have it working? Basically, the end user decides which IP he wants to use for ftp files to the server. The end customer decides it himself with prior notice.

The ftp server has only one default gateway. So, we need something in front of the ftp to detect from which PIX the connection is coming and then to force the packets to keep using the same PIX for coming back.

Dynamic routing does not apply here since the end user decides really himself the path.

Thank you!

JC

Reply to
Jean-Claude

In article , Jean-Claude wrote: [3 different PIX connected to a single network]

:The ftp server has only one default gateway. So, we need something in front
:of the ftp to detect from which PIX the connection is coming and then to
:force the packets to keep using the same PIX for coming back.

If it is not important that the FTP server itself be able to log the original IP address of the user, then what you can do is tell each of the PIXes to nat the *source* addresses to an IP address range that is specific to the PIX.

For example, you could nat the Equant sources to 192.168.14.x, the Cold to 192.168.45.x, and the MCI to 192.168.89.x.

Your LAN router would direct outgoing packets with these destinations back to the appropriate PIX. The PIX would recognize that destination IP was NAT'd and would un-NAT the destination back to the original source address that was on the packet that was incoming.

This process does not work if you need the inside machines to see the -original- source IP addresses (e.g., for authentication purposes.)

Reply to
Walter Roberson
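
An added example, not part of the thread: a small Python model of the per-PIX source-NAT approach described in the answer above, showing that replies leave through the entry PIX when sources are NAT'd and hit a PIX with no connection state when they are not. The /24 masks, the choice of Equant as the default route and the client address 203.0.113.7 are assumptions.

```python
import ipaddress

# Constructed topology: NAT ranges follow the answer above; masks are assumed.
POOLS = {
    "Equant": ipaddress.ip_network("192.168.14.0/24"),
    "Cold": ipaddress.ip_network("192.168.45.0/24"),
    "MCI": ipaddress.ip_network("192.168.89.0/24"),
}
DEFAULT_PIX = "Equant"  # assumed: where the LAN router's single default route points

class Pix:
    """Stateful firewall model: tracks translations and forwarded connections."""

    def __init__(self, name, pool, source_nat):
        self.name, self.source_nat = name, source_nat
        self.free = iter(pool.hosts())  # unused addresses in this PIX's NAT range
        self.xlate = {}                 # mapped address -> original client address
        self.conns = set()              # clients with a connection through this PIX

    def inbound(self, client):
        """Return the source address the FTP server sees for this client."""
        self.conns.add(client)
        if not self.source_nat:
            return client
        mapped = next(self.free)
        self.xlate[mapped] = client
        return mapped

    def outbound(self, dst):
        """Un-NAT a reply; None means no matching state, so the packet is dropped."""
        client = self.xlate.get(dst, dst)
        return client if client in self.conns else None

def lan_route(dst):
    """LAN router: one static route per NAT range, otherwise the default gateway."""
    for name, pool in POOLS.items():
        if dst in pool:
            return name
    return DEFAULT_PIX

def round_trip(entry, client, source_nat):
    """One connection in via `entry`: (address seen by server, exit PIX, delivered to)."""
    pixes = {n: Pix(n, p, source_nat) for n, p in POOLS.items()}
    seen = pixes[entry].inbound(ipaddress.ip_address(client))
    exit_pix = lan_route(seen)
    reply = pixes[exit_pix].outbound(seen)
    return str(seen), exit_pix, str(reply) if reply is not None else None
```

The first element of the result is the address that would appear in the FTP server's logs, which is the mapped address rather than the client's own whenever source NAT is on.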

Ok, I hide nat the Internet clouds. Good idea ;-)

JC

Reply to
Jean-Claude
