10-11-2012 07:39 PM
I have a customer with a one-armed MS Lync configuration. As the majority of their VIPs and real servers belong to the same subnets, and the gateway on the servers is the local firewall/router, each real server will need SNAT configured to ensure the traffic returns through the ADX.
However, as this is MS Lync, there will be certain ports on certain VIPs delivering audio/video content which will need to bypass the ADX to ensure fast response delivery to the client.
I cannot provide the exact configuration; however, as a rule, will the below configuration have the required results (where x and y are port numbers):
server virtual VS1 10.10.10.1
 port x dsr
 bind x RS1 x RS2 x
 bind y RS1 y RS2 y
server real RS1 10.10.10.2
server real RS2 10.10.10.3
So the desired result is that:
port x traffic will return directly to the client using DSR
port y traffic will return through the ADX using SNAT
I am concerned that, with the required SNAT configuration, the DSR will not function (i.e. the client source IP will be translated and therefore the destination of the return packet from the real server will be the ADX, even though DSR is enabled). OR... does DSR supersede the source-nat? In case it makes a difference, they are running version 12.4 of router code (required as they have both external subnets and internal subnets configured for VIPs).
Any help is much appreciated...