CSS source group NAT question

Unanswered Question
Feb 4th, 2008

Hi,

Not sure if this is a common requirement or not, but I've done a search on here and seen similar questions, so I'm hoping someone might be able to help.

We have Cisco 11503s and 2 x UNIX boxes, each with 3 NICs, that need to use SSH for internal management and also transfer of files.

The main problem is the UNIX hosts cannot control which interface the traffic leaves so whilst we have specific functions for most services tied to each NIC, SSH can use any of them.

Inbound is not a problem - content rule on the VIP; however, outbound is causing us some grief as we don't want ALL SSH traffic to be sourced by the NAT.

Is it possible to force the CSS to use the source group for specific hosts only?

I.e. all normal internal traffic is not using the source group VIP but our defined hosts are forced to use the source NAT?

I've done some reading on ACLs but I'm not entirely sure whether these will help or not.

Any help appreciated.

Gilles Dufour Mon, 02/04/2008 - 09:25

You need an ACL with the option 'sourcegroup'.

The ACL must match the inbound traffic that will require NATing.

Gilles.

achrich Tue, 02/05/2008 - 05:13

Do you know where I could find any configuration examples?

There doesn't seem to be many floating around for ACLs.

Cheers
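A configuration sketch of the ACL-with-sourcegroup approach suggested in the thread, added here as an example and not taken from any poster or from Cisco documentation. The group name, ACL number, host and VIP addresses, and circuit name are placeholders, and the clause syntax should be checked against the CSS security configuration guide for the WebNS release in use.

```text
! Added example: all names, numbers and addresses below are placeholders.

! Source group that supplies the NAT address for the selected hosts only.
group ssh-mgmt-nat
  vip address 192.0.2.10
  active

! ACL applied to the circuit where traffic from the UNIX hosts enters the CSS.
acl 10
  ! SSH from the two named hosts is source-NATed through the group.
  clause 10 permit tcp 10.1.1.11 255.255.255.255 destination any eq 22 sourcegroup ssh-mgmt-nat
  clause 20 permit tcp 10.1.1.12 255.255.255.255 destination any eq 22 sourcegroup ssh-mgmt-nat
  ! All other traffic on this circuit is forwarded without the source group.
  clause 90 permit any any destination any
  apply circuit-(VLAN10)

! Enable ACL processing last. Once enabled, traffic not matched by a
! permit clause is denied, so confirm the permit clauses are in place first.
acl enable
```

Because enabling ACLs changes the box from forwarding everything to denying whatever is not explicitly permitted, review the permit clauses for every circuit that carries production traffic before issuing `acl enable`.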
