CSS and NAT problems (easy one?)

Unanswered Question
May 9th, 2007

Hi,

I am trying the simplest of configurations, attempting to Load-Balance traffic using two servers and a single CSS. I am using "Routed" mode, but am experiencing problems with NAT. I am new to the world of CSSs.

I have two servers that have the VIP 80.80.80.230. All traffic is initiated from the client-side (public) and talks to this VIP address. All RETURN traffic must be NATed (by the CSS) with this VIP address. I would expect:-

CLIENT (PUBLIC) -----> 80.80.80.230 (SERVER-VIP)

CLIENT (PUBLIC) <----- 80.80.80.230 (SERVER-VIP)

However, this configuration does not seem to work for me. When I sniff, I see the return traffic is NOT being NATed ....I see the following :

CLIENT (PUBLIC) ----------------------> 80.80.80.230

CLIENT (PUBLIC) <----------------------10.10.10.2

Here is my config :

ip route 0.0.0.0 0.0.0.0 80.80.80.225 1

!************************* INTERFACE *************************

interface e2

bridge vlan 2

!************************** CIRCUIT **************************

circuit VLAN1

ip address 80.80.80.227 255.255.255.240

circuit VLAN2

ip address 10.10.10.1 255.255.255.0

!************************** SERVICE **************************

service server1

ip address 10.10.10.2

port 5060

active

service server2

ip address 10.10.10.3

port 5060

!*************************** OWNER

owner me

content lbal

port 5060

protocol udp

vip address 80.80.80.230

add service server1

add service server2

application sip

active

!*************************** GROUP

group clients-group

vip address 80.80.80.230

add service server1

add service server2

active

CSS11501 /Version 7.4

I have tried this config with and without the NAT Group (clients-group) but to no avail.

Please please can someone stop me from going crazy with this. Any help really apprectaied.

Grazie !

Matt

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Diego Vargas Wed, 05/09/2007 - 10:45

Hi Matt,

On the group use "add destination service" instead of "add service". That will do source NATing of traffic hitting the VIP.

Looks like this:

group clients-group

vip address 80.80.80.230

add destination service server1

add destination service server2

active

Diego

Actions

This Discussion