Uplink traffic portmap on client destination port

Unanswered Question
Apr 2nd, 2008

Hi,


I have a problem regarding the CSS configuration.

In detail, I have to configure the following flow on CSS:


server request --> CSS VIP:port1 --> CSS VIP: port1 --> Client:port 2.


Does anyone know how I can configure it?


Thank you.


Best regards.


Giuseppe

Gilles Dufour (Cisco Employee) Wed, 04/02/2008 - 06:39

Giuseppe,


We'll need more details.

Is the server opening a connection with any client, or some particular ones?

We can only portnat if the destination is defined as a service.


Is this TCP or UDP ?


Gilles.

gpangallo Wed, 04/02/2008 - 06:56

Hi Gilles,


Thank you for the answer.

I am sending you more information.

The connection is HTTP, so TCP.

The flow is terminated on a network like 10.0.0.0/8.

The CSS has to know that, when a request from the servers arrives at the VIP address on port 1080, it must forward it to the destination network in nql (more networks) at port 8081, using the same VIP as the source address.


I don't know if I explained the issue well.


Let me know if you need further info.


Thanks.


Regards.


Giuseppe.


Gilles Dufour Wed, 04/02/2008 - 08:39
(Cisco Employee)

Reusing the VIP IP address is possible.

You need to configure a group with the same VIP address.

But you can't specify the source port.

NATing the destination port without knowing the exact destination in advance is not possible.

Except for HTTP.

We can intercept the HTTP request to port 1080 and send an HTTP redirect to the server with a different destination port.

The server will see the new port.

This is not transparent.


Gilles.

gpangallo Thu, 04/03/2008 - 06:33

Hi Gilles,


Thank you for your advice.


I just have a group configured for the natting through the VIP address.

I think the same thing, but I don't know how to translate that into commands. For the HTTP redirect I must configure external networks as services. Is it correct?


Thank you in advance.


Regards.


Giuseppe


