Use of content rule vs source group for NATing

Unanswered Question

To NAT outgoing flows out of two servers, is it necessary to define a content rule and a source group, or is just a source group sufficient?


Having trouble with Option 2.


Option 1:


service svr1
  ip address 192.168.10.1
  no port
  protocol tcp
  active

Also does CSS do NAPT i.e. alter the source port number for outgoing packets from source groups?

service svr2
  ip address 192.168.10.2
  no port
  protocol tcp
  active

content outflows
  protocol tcp
  add service svr1
  add service svr2
  vip address <externalip>
  active

group outgrp
  vip address <external ip>
  add service svr1
  add service svr2
  active

<add appropriate acl>


Option 2:


service svr1
  ip address 192.168.10.1
  no port
  protocol tcp
  active

service svr2
  ip address 192.168.10.2
  no port
  protocol tcp
  active

group outgrp
  vip address <external ip>
  add service svr1
  add service svr2
  active

<add appropriate acl>


Gilles Dufour (Cisco Employee) Wed, 05/30/2007 - 23:35

To NAT connections initiated by the server, you only need a source group.

No need for a content rule.

The CSS will port nat.


Gilles.
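
Why the port translation mentioned in the answer matters when svr1 and svr2 share one VIP, as an added Python sketch that is not part of the original thread and is a generic NAPT model, not the CSS's own implementation. The VIP 203.0.113.10, the destination 198.51.100.5, the port pool start and all class and function names are assumptions made for the illustration.

```python
# Added illustration: generic NAPT model, not the CSS's actual implementation.
from itertools import count

VIP = "203.0.113.10"                      # constructed stand-in for <external ip>
GROUP = {"192.168.10.1", "192.168.10.2"}  # svr1 and svr2 from the post


class SourceGroupNapt:
    """Maps server-initiated flows onto unique source ports of one shared VIP."""

    def __init__(self, vip, members, first_port=2048):  # pool start is assumed
        self.vip, self.members = vip, set(members)
        self._ports = count(first_port)
        self.out = {}   # (src_ip, src_port, dst_ip, dst_port) -> nat_port
        self.back = {}  # (nat_port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an outgoing packet; returns the (src_ip, src_port) seen outside."""
        if src_ip not in self.members:
            return src_ip, src_port  # not a group member: left untouched
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            nat_port = next(self._ports)
            self.out[key] = nat_port
            self.back[(nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.vip, self.out[key]

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply sent to the VIP back to its server; None if no flow matches."""
        if dst_ip != self.vip:
            return None
        return self.back.get((dst_port, src_ip, src_port))


def demo():
    nat = SourceGroupNapt(VIP, GROUP)
    # Both servers pick the same ephemeral port towards the same destination.
    # With address-only NAT the two flows would be indistinguishable outside.
    a = nat.outbound("192.168.10.1", 1025, "198.51.100.5", 80)
    b = nat.outbound("192.168.10.2", 1025, "198.51.100.5", 80)
    reply_a = nat.inbound("198.51.100.5", 80, *a)
    reply_b = nat.inbound("198.51.100.5", 80, *b)
    # A packet to the VIP on a port with no mapping matches no flow.
    unsolicited = nat.inbound("198.51.100.5", 80, VIP, 4444)
    return a, b, reply_a, reply_b, unsolicited
```

Replies are delivered to the right server only because each flow received its own translated port, and traffic to the VIP that matches no existing mapping has nowhere to go.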
