Carbon Copy connectivity through network address translator

Article:HOWTO1656  |  Created: 2006-01-16  |  Updated: 2006-01-16  |  Article URL http://www.symantec.com/docs/HOWTO1656
Article Type
How To


Problem

A Carbon Copy console user cannot connect to any Carbon Copy client system that resides a behind a network address translator (NAT).

Environment

Cause
Carbon Copy is not properly configured.

Resolution

Carbon copy will function properly when connecting to a carbon copy agent that is behind a NAT/firewall router.  There are certain requirements that must be met before this connection can properly take place.  

Because NAT represents a collection of systems behind the NAT router as a single IP address the Carbon copy connection should be configured to connect to the actual NAT router box itself and not the physical IP address of the Carbon Copy client.  NAT will not allow any type of connection directly to clients.  What must be done is to configure NAT’s port forwarding table to forward all data packets with a source port address of 1680 to a specific IP address (Carbon Copy client).  

Of course, this indicates that a one-to-one connection to this single Carbon Copy client can only exists.  The reason for this type of configuration is that NAT will not allow any packets to be forwarded to the internal network, where the Carbon Copy client resides since it does not have a match for the source port and the source IP address specified in the data packet header as the console user attempts to connect in to the specific client.  So if you add port 1680 to the port forwarding table within the NAT configuration and specify an IP address to forward these packets to, a connection to a Carbon Copy client specified as the IP address will occur.  

If you have more than one Carbon Copy client residing behind the NAT device, you will need to specify different port addresses linked to specific IP addresses within the NAT port forwarding table.  In conjunction with this, the Carbon copy port definition for the console and client users must be defined to use a TCP port , other than the default of 1680.  This can be done by adding the command entry of “TCP_Port=xxxx”  to the Carbon Copy section of the ccw32ini  file on each system in a connection.  Once this is done, then the Carbon Copy console is loaded and the Carbon Copy solution agent service is cycled and the appropriate entries are made in the NAT port forwarding table then additional one-to-one connections can occur.  

One final reminder, when the Carbon copy console user specifies an IP address to connect to it must specify the IP address of the physical NAT device and not the IP address of the Carbon Copy client that it will eventually connect to.  Once NAT receives a packet of the source IP address and source port information specified then  forwarding all packets from the console system to the defined IP address in the NAT forwarding table will occur and a connection will ensue.


Legacy ID



18028


Article URL http://www.symantec.com/docs/HOWTO1656


Terms of use for this information are found in Legal Notices