[sbertrand]

Hi,

Here's the architecture:

[My_Server]------|my Fw CP|----link---|External Fw|---- [external-Host]

[My_Server] = 10.3.5.10

[My NATed Server] (by my Fw CP) = 10.33.55.10

[My_server]is seeing by [External Host] with the NATed address: 10.33.55.10

[External Host] is in fact a pool of clustered machines.

10.220.80.20 is the Master (it's only Listening) then,
10.220.80.19 (is a set of machine that sends packets over the network, a cluster member1)
10.220.80.18 (is a set of machine that sends packets over the network, a cluster member2)
10.220.80.17 (is a set of machine that sends packets over the network, a cluster member3)

[External Host]= (10.220.80.20) is NATed with [my Fw CP] as follow: 10.30.12.3

So... Here's the problem:

1- My Server (10.3.5.10) iniate a connection to the external Host,
2- The Fw CP, NAT the source address (10.3.5.10) to (10.33.55.10) and foward to the external listening Server (10.30.12.3)
3- Then, the [External Server] accept connection, BUT reply randomly (load balancing) with A cluster members:
10.220.80.18,
10.220.80.19,
10.220.80.17.

=> So the session opened in [my Fw CP] (the initate connection from my server)
has not the same destination Address when a cluster External Host is replying!

Note: The [external Fw] is unable to process NAT HIDE with External-Host,
anyway as long as [My_server] is initiating connection, hyde mode is not possible !!!

??? The Question is ???
=> How [my Fw CP] could match the reply connection (in his session table),
assume that the [external cluster machine] that is responding is different from the listening one?

Get it?
Thanks a million,
Steven