cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
389
Views
0
Helpful
3
Replies

CSS11500 NAT Question

thetac
Level 1
Level 1

Traffic orginating from service addresses are not being NAT'd to the VIP address - is this normal?

3 Replies 3

michael.marth
Level 1
Level 1

Yes this is normal.

Yes if you want to nat traffic originating from servers "behind" a VIP you have to setup group ACLs to make that work.

Gilles Dufour
Cisco Employee
Cisco Employee

what you need is a group config with a vip matching your content rule vip and use 'add service' under the group to add all the servers that should be nated.

No need for acl at this point.

ACL are only required if you sometimes need nat and sometimes you don't.

Here is a link to documentation.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_command_reference_chapter09186a00800e4515.html#wp1674400

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: