Use of content rule vs source group for NATing

To NAT outgoing flows out of two servers, is it necessary to define a content rule and a source group, or is just a source group sufficient?

Having trouble with Option 2.

Also, does CSS do NAPT, i.e. alter the source port number for outgoing packets from source groups?

Option 1:

service svr1
  ip address 192.168.10.1
  no port
  protocol tcp
  active

service svr2
  ip address 192.168.10.2
  no port
  protocol tcp
  active

content outflows
  protocol tcp
  add service svr1
  add service svr2
  vip address <externalip>
  active

group outgrp
  vip address <external ip>
  add service svr1
  add service svr2
  active

<add appropriate acl>

Option 2:

service svr1
  ip address 192.168.10.1
  no port
  protocol tcp
  active

service svr2
  ip address 192.168.10.2
  no port
  protocol tcp
  active

group outgrp
  vip address <external ip>
  add service svr1
  add service svr2
  active

<add appropriate acl>

Gilles Dufour Wed, 05/30/2007 - 23:35

To NAT connections initiated by the server, you only need a source group.

No need for a content rule.

The CSS will port NAT.

Gilles.