Sample NAT-mode ESI Topology
This section describes the configuration for a sample NAT-mode topology using the managed device and three external captive-portal servers. NAT mode uses a trusted interface for each external captive-portal server and a different destination port to redirect a packet to a port other than the original destination port in the packet. An example topology is shown below in Figure 2.
Figure 1
In this example, all HTTP traffic received by the managed device is redirected to the external captive portal server group and load-balanced across the captive portal servers. All wireless client traffic with destination port 80 is redirected to the captive portal server group, with the new destination port 8080.
The external servers do not necessarily have to be on the same subnet as the managed device. If the external servers are on a different subnet, the traffic that the policy redirects to them for load balancing is routed to them.
In the topology shown, the following configurations are entered on the managed device and external captive-portal servers:
ESI server configuration on the managed device
External captive-portal server 1:
Name = external_cp1
Trusted IP address = 10.1.1.1
Alternate destination port = 8080
External captive-portal server 2:
Name = external_cp2
Trusted IP address = 10.1.1.2
External captive-portal server 3:
Name = external_cp3
Trusted IP address = 10.1.1.3
Health-check ping:
Name = externalcp_ping
Frequency = 30 seconds
Retry-count = 2 attempts
Timeout = 2 seconds (2 seconds is the default)
Name = cp_redirect_acl
Session policy = user any svc-http redirect esi-group external_cps direction both
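
The following is an added example, not part of the original documentation or the product's own code: a small Python model of the redirect described above, using the server names, trusted IP addresses, ports and retry count from this page. The flow-hash balancing, treating retry-count as two consecutive missed pings, applying port 8080 to all three servers, and returning None when no server is healthy are assumptions of this model, not documented device behavior.

```python
import hashlib
from dataclasses import dataclass

RETRY_COUNT = 2      # page: health-check retry-count = 2 attempts
REDIRECT_PORT = 80   # page: svc-http traffic (destination port 80)


@dataclass
class EsiServer:
    name: str
    trusted_ip: str
    alt_dport: int = 8080   # page lists 8080 for external_cp1; assumed for all
    failed_pings: int = 0

    @property
    def healthy(self) -> bool:
        # Assumption: a server is down after RETRY_COUNT consecutive misses.
        return self.failed_pings < RETRY_COUNT

    def record_ping(self, replied: bool) -> None:
        # A reply resets the counter; a timed-out ping counts as one miss.
        self.failed_pings = 0 if replied else self.failed_pings + 1


def make_group():
    """Build the external_cps group from the values listed on this page."""
    return [EsiServer("external_cp1", "10.1.1.1"),
            EsiServer("external_cp2", "10.1.1.2"),
            EsiServer("external_cp3", "10.1.1.3")]


def redirect(src_ip, src_port, dst_ip, dst_port, group):
    """Return the rewritten (dst_ip, dst_port) for HTTP traffic, the original
    pair for other traffic, or None when no server in the group is healthy."""
    if dst_port != REDIRECT_PORT:
        return (dst_ip, dst_port)
    alive = [s for s in group if s.healthy]
    if not alive:
        return None  # caller decides whether to drop or pass the flow
    # Assumed balancing: hash the client flow so it stays on one server.
    digest = hashlib.sha256(f"{src_ip}:{src_port}".encode()).digest()
    server = alive[int.from_bytes(digest[:4], "big") % len(alive)]
    return (server.trusted_ip, server.alt_dport)
```

The None result marks the case worth checking on a real deployment: what happens to unauthenticated HTTP traffic when every captive-portal server fails its health check.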