I have to configure two CSS11503 to forward the connection request from two servers to CPEs. The problem is that the CPEs are in various subnets.
Now, I think that I can't use the service and the group command but the nql command.
Could anyone tell me if that it's correct? If not, how can I configure that?
Thank you very much.
you can use group and service but in this case the CSS will nat all traffic from the services, not just the traffic sent to the CPE.
If you want to limit nating to some destination only, you need to use acl.
NQL are not really necessary.
An ACL to achieve what you need will look like this :
clause 10 permit any destination sourcegroup
clause 99 permit any any destination any
Match the source and destination for which you need nating and insert as many clauses as necessary.