DNS DHCP IPAM

Reply

Joining a infoblox-member to a master across a NAT group
jpelham
Techie
Posts: 5

‎05-14-2018 10:40 PM

2158     0

Hi,

 

I'm trying to join a infoblox-member to an infoblox-master across a NAT boundary. For whatever reason the connection is established and then straight away the member disconnects. The following is logged...

 

Grid-member at x.x.x.x is no longer connected. 

 

Suffice to say the respective rules for the OpenVPN (1194) and the Key Exchange 2114 across UDP are enabled and working and a traffic capture shows the member and master communicating across OpenVPN. 

 

On the master I first add the member as its accessible NAT address. Connectivity has been verified.

On the member I ran the set network command and type in the accessable NAT address of the master. The member then restarts and after the reboot comes up reporting its LAN port IPv4 as the NAT address! It then fails the join and on restarts comes back up reporting its LAN port IPv4 as its actual address again. Very odd.

 

The log on the master looks like this.

 

x.x.x.x:1194 [VPN Node] Peer connection initiated with x.x.x.x:1194

[VPN Node]x.x.x.x:1194 MULTI_sva : pool returned IPv4=169.254.0.5

[VPN Node]x.x.x.x:1194 send_push_reply() safe_cap=940

Grid Member at x.x.x.x has connected to grid-master

Grid Member at x.x.x.x is no longer connected (The IP here reflects the member NAT address)

Grid Member at x.x.x.x is no longer connected (The IP here reflects the member actual IP address)

 

Am I adding the member incorrectly or missing something else that is obvious!

 

Cheers

 

 

 

Labels:
Reply
0 Kudos

Re: Joining a infoblox-member to a master across a NAT group
jpelham
Techie
Posts: 5

‎05-14-2018 11:11 PM

2159     0

Ok, so I fixed this. It appears essential to configure the member servers advanced network settings and to define its NAT address. In Network > Advanced Enable NAT Compatibility. Leave the NAT Group empty and Add the NAT Addresses for the member. Without this it doesn't join. Kind of makes sense but I couldn't find anything about this in the official documentation.

Reply
0 Kudos

Re: Joining a infoblox-member to a master across a NAT group
DRudder
Authority
Posts: 45

‎05-15-2018 08:25 AM

2159     0

The documentation for NAT Groups is in the Admin guide under the "Deploying a Grid" chapter.

 

Here is a link to the NIOS 8.2 Documentation -- which has been basically the same for a long time now:

https://docs.infoblox.com/display/NAG8/NAT+Groups

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin

playicon

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community