Need help in CSS Nat issue

Answered Question
Nov 16th, 2007

Hi,

I have a set-up below and trying to test out the CSS, i have problem browsing from server towards the internet . It seems that the CSS is blocking it. The default gateway of the servers is 192.168.1.30 which is the circuit vlan ip facing server farm. Is there anything i miss out why its not working?

!*************************** GLOBAL ***************************

no restrict web-mgmt

bridge priority 65000

dns primary 20.0.0.1

ftp-record DEFAULT_FTP 192.168.88.142 anonymous des-password phyfzfqa6f2dheqb

/DOWNLOADS

ip route 0.0.0.0 0.0.0.0 192.168.100.1 1

ip route 192.168.1.0 255.255.255.0 192.168.1.1 1

!************************* INTERFACE *************************

interface e1

description "INSIDE_NETWORK"

bridge vlan 10

interface e2

description "OUTSIDE_NETWORK"

bridge vlan 100

!************************** CIRCUIT **************************

circuit VLAN10

description "SERVERFARM_VLAN"

ip address 192.168.1.30 255.255.255.0

circuit VLAN100

description "WWW_FACING_VLAN"

ip address 192.168.100.30 255.255.255.0

!************************** SERVICE **************************

service SERVER1

ip address 192.168.1.31

protocol tcp

keepalive type http

keepalive port 80

keepalive tcp-close fin

active

service SERVER2

ip address 192.168.1.32

protocol tcp

keepalive type http

keepalive port 80

keepalive tcp-close fin

active

!*************************** OWNER ***************************

owner OWNER

content CRM

vip address 192.168.100.31

add service SERVER1

protocol tcp

port 80

url "/sugarcrm/*"

active

content IIS

vip address 192.168.100.32

add service SERVER2

protocol tcp

port 80

url "/*"

active

I have this problem too.
0 votes
Correct Answer by Diego Vargas about 9 years 3 weeks ago

Hi, try adding s source group to NAT source IP of the traffic sourced from the servers going to the outside, like this:

group outbound

add service SERVER1

add service SERVER2

vip address 192.168.100.31

active

Hope it helps!!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Diego Vargas Fri, 11/16/2007 - 10:05

Hi, try adding s source group to NAT source IP of the traffic sourced from the servers going to the outside, like this:

group outbound

add service SERVER1

add service SERVER2

vip address 192.168.100.31

active

Hope it helps!!

Actions

This Discussion