CSS source group NAT question

achrich
Level 1

Hi,

Not sure if this is a common requirement or not, but I've done a search on here and seen similar questions, so hoping someone might be able to help.

We have Cisco 11503s and 2 x UNIX boxes, each with 3 NICs, that need to use SSH for internal management and also transfer of files.

The main problem is the UNIX hosts cannot control which interface the traffic leaves so whilst we have specific functions for most services tied to each NIC, SSH can use any of them.

Inbound is not a problem (content rule on the VIP); however, outbound is causing us some grief, as we don't want ALL SSH traffic to be sourced by the NAT.

Is it possible to force the CSS to use the source group for specific hosts only?

I.e. all normal internal traffic is not using the source group VIP but our defined hosts are forced to use the source NAT?

I've done some reading on ACLs but I'm not entirely sure whether these will help or not.

Any help appreciated.

2 Replies

Gilles Dufour
Cisco Employee

You need an ACL with the option 'sourcegroup'.

The ACL must match the inbound traffic that will require NATing.

Gilles.

Do you know where I could find any configuration examples?

There don't seem to be many floating around for ACLs.

Cheers
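
A sketch of the ACL-with-sourcegroup approach described in the answer above, added here as an example and not taken from the thread or from Cisco documentation. The group name `ssh-nat`, the ACL number, the circuit name `VLAN1` and all addresses are constructed placeholders: 10.1.1.11 and 10.1.1.12 stand in for the two UNIX hosts and 10.1.1.100 for the source group VIP.

```text
! Source group that supplies the NAT address (constructed VIP)
group ssh-nat
  vip address 10.1.1.100
  active

! ACL applied to the circuit where the UNIX hosts' traffic enters the CSS
acl 10
  ! Only SSH from the two named hosts is tied to the source group
  clause 10 permit tcp 10.1.1.11 255.255.255.255 destination any eq 22 sourcegroup ssh-nat
  clause 20 permit tcp 10.1.1.12 255.255.255.255 destination any eq 22 sourcegroup ssh-nat
  ! All other traffic is permitted without a sourcegroup, so it is not NATed
  clause 99 permit any any destination any
  apply circuit-(VLAN1)

! ACLs take effect only once enabled globally
acl enable
```

Enabling ACLs on the CSS adds an implicit deny, so every circuit needs an ACL with a permit clause applied before `acl enable` is issued, otherwise traffic on the other circuits is dropped.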
