When the LSNAT router has been configured with server farms, real servers, and virtual servers and these LSNAT components have been placed “in service,” the real servers are protected from direct client access for all services.
If you want to provide direct client access to real servers configured as part of a server farm, there are two mechanisms that can provide direct client access.
The first mechanism allows you to identify specific client networks that can set up connections directly to a real server‘s IP address, as well as continue to use the virtual server IP address. This method is configured in global configuration mode with the ip slb real-server access client command for an IPv4 real server and the ipv6 slb real-server access client command for an IPv6 real server.
The second mechanism allows all clients to directly access all services provided by real servers, except for those services configured for server load balancing. This method is configured in global configuration mode with the ip slb real-server access unrestricted command for an IPv4 real server and the ipv6 slb real-server access unrestricted command for an IPv6 real server.