Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
874
Views
0
Helpful
1
Replies

Cisco CSS how to turn off Source NAT?

ddarby1
Level 1
Level 1

‎08-17-2007 05:50 AM

Hi,

A question to load balancer officionados:

We currently have a CSS operating in a 'one-armed design', however this performs Source NAT so that return traffic from web servers goes back through the CSS.

The problem is that we have a requirement to log and filter source addresses on the web servers.

I have found some references mentioning that this is possible using Direct Server Return (it seems to employ dispatch mode to do this).

Does anyone have any experience, better ideas, thoughts on such a design & how to accomplish it, etc.

Any replies are appreciated.

Labels:
0 Helpful
1 Reply 1

Diego Vargas
Cisco Employee
Cisco Employee

‎08-17-2007 04:13 PM

Hi,

The CSS is not able to perform DSR, what you can do to remove source NATing is remove the groups and configure the CSS as the default gateway of the servers.

This is usually a configuration implemented when using in-line style, however should work fine on one-arm. Also disable ICMP redirects on the CSS to avoid causing the asymmetric flows.

You can disable the ICMP redirects with this command on the VLAN configuration:

CSS(config-circuit-ip[VLAN112-10.198.16.80])# no redirects

Hope it helps!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents