For more details, please see ourCookie Policy.

Application Delivery (ADX)

Not applicable
Posts: 1
Registered: ‎01-17-2012

ADX Switch Code Reverse NAT


I got 2 ADX on Hot-Stdy Redundancy; with 3 real servers balancing just DNS service. (Switch Code)

All the 3 servers, the ADX and ther Internet router are connected to a L2 Switch.

So I configure 1 VIP with an IP from the router subnet that is the public IP (190.34.XXX.XXX) where the clients queries will come.

Create the 3 servers on the subnet 172.18.38.XXX, and bind DNS port to the VIP1

Then configure a Source NAT IP in the subnet of the real servers ( to use NAT the queries to the real servers and the health checks.

Everything works fine the problem is when the real servers (DNS) want to go to internet because receive a client queries that is not authoritative so needs to forward the request to the root servers.

We configure the defaut gateway of the real servers to be the source NAT IP ( of the ADX and create a new VIP and binded to the "default" port to be the gateway to the traffic iniated by the real servers to the root server. Then i enable reverse nat on the real servers.

I follow all the instructions on the reverse nat configuration, but still the real server dont reach the internet...

Please need some help if someone knows how to solve this.

Occasional Contributor
Posts: 50
Registered: ‎12-14-2011

Re: ADX Switch Code Reverse NAT

The source-nat IP should not be used as a gateway. I think it's causing a problem.

You may want to use "dynamic IP NAT" instead of reverse NAT and  use your router as the default gateway on the real servers. Please, note that the same VIP address you use for DNS LB can be used for dynamic NAT IP. Basically, the reverse NAT feature has been integreted into the dynamic IP NAT feature and the newer release of ADX software may not have the reverse-nat command.

The dynamic NAT is explained in the ServerIron ADX security guide.

Join the Broadcom Community

Get quick and easy access to valuable resources across the Broadcom Community Network.