CSS11500 NAT Question

Unanswered Question
Feb 22nd, 2007

Traffic orginating from service addresses are not being NAT'd to the VIP address - is this normal?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
andreas.larsen@... Mon, 02/26/2007 - 04:54

Yes if you want to nat traffic originating from servers "behind" a VIP you have to setup group ACLs to make that work.

Gilles Dufour Mon, 02/26/2007 - 08:55

what you need is a group config with a vip matching your content rule vip and use 'add service' under the group to add all the servers that should be nated.

No need for acl at this point.

ACL are only required if you sometimes need nat and sometimes you don't.

Here is a link to documentation.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_command_reference_chapter09186a00800e4515.html#wp1674400

Gilles.

Actions

This Discussion