Need help in CSS Nat issue

Answered Question
Nov 16th, 2007
User Badges:

Hi,


I have a set-up below and trying to test out the CSS, i have problem browsing from server towards the internet . It seems that the CSS is blocking it. The default gateway of the servers is 192.168.1.30 which is the circuit vlan ip facing server farm. Is there anything i miss out why its not working?



!*************************** GLOBAL ***************************

no restrict web-mgmt

bridge priority 65000


dns primary 20.0.0.1


ftp-record DEFAULT_FTP 192.168.88.142 anonymous des-password phyfzfqa6f2dheqb

/DOWNLOADS


ip route 0.0.0.0 0.0.0.0 192.168.100.1 1

ip route 192.168.1.0 255.255.255.0 192.168.1.1 1


!************************* INTERFACE *************************

interface e1

description "INSIDE_NETWORK"

bridge vlan 10


interface e2

description "OUTSIDE_NETWORK"

bridge vlan 100


!************************** CIRCUIT **************************

circuit VLAN10

description "SERVERFARM_VLAN"


ip address 192.168.1.30 255.255.255.0


circuit VLAN100

description "WWW_FACING_VLAN"


ip address 192.168.100.30 255.255.255.0


!************************** SERVICE **************************

service SERVER1

ip address 192.168.1.31

protocol tcp

keepalive type http

keepalive port 80

keepalive tcp-close fin

active


service SERVER2

ip address 192.168.1.32

protocol tcp

keepalive type http

keepalive port 80

keepalive tcp-close fin

active


!*************************** OWNER ***************************

owner OWNER


content CRM

vip address 192.168.100.31

add service SERVER1

protocol tcp

port 80

url "/sugarcrm/*"

active


content IIS

vip address 192.168.100.32

add service SERVER2

protocol tcp

port 80

url "/*"

active

Correct Answer by Diego Vargas about 9 years 6 months ago

Hi, try adding s source group to NAT source IP of the traffic sourced from the servers going to the outside, like this:


group outbound

add service SERVER1

add service SERVER2

vip address 192.168.100.31

active


Hope it helps!!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Diego Vargas Fri, 11/16/2007 - 10:05
User Badges:
  • Cisco Employee,

Hi, try adding s source group to NAT source IP of the traffic sourced from the servers going to the outside, like this:


group outbound

add service SERVER1

add service SERVER2

vip address 192.168.100.31

active


Hope it helps!!

Actions

This Discussion