Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
4
Replies

Uplink traffic portmap on client destination port

gpangallo
Level 1
Level 1

‎04-02-2008 05:42 AM

Hi,

I have a problem regarding to the CSS configuration.

In details, I have to configure the following flow on CSS:

server request --> CSS VIP:port1 --> CSS VIP: port1 --> Client:port 2.

Does anyone know how I can configure it?

Thank you.

Best regards.

Giuseppe

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎04-02-2008 06:39 AM

Giuseppe,

we'll need more details.

Is the server opening a connection with any client ??? or some particular ones ???

We can only portnat if the destination is defined as a service.

Is this TCP or UDP ?

Gilles.

0 Helpful

gpangallo
Level 1
Level 1
In response to Gilles Dufour

‎04-02-2008 06:56 AM

Hi Gilles,

Thank you for the answer.

I send you more information.

The connection is HTTP, so TCP.

The flow is terminated on a network like 10.0.0.0/8.

The CSS has to know, when on port 1080 arrive a request to the VIP address from servers, forwarding it to destination network in nql (more network) at port 8081 using the same VIP as source address.

I don't know if I explain well the issue.

Let me know if you need further info.

Thanks.

Regards.

Giuseppe.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to gpangallo

‎04-02-2008 08:39 AM

reusing the vip ip address is possible.

You need to configure a group with the same vip address.

But you can't specify the source port.

Nating the destination port without nowing the exact destination in advance is not possible.

Except for HTTP.

We can intercept the http request to port 1080 and send an HTTP redirect to the server with a different destination port.

The server will see the new port.

This is not transparent.

Gilles.

0 Helpful

gpangallo
Level 1
Level 1
In response to Gilles Dufour

‎04-03-2008 06:33 AM

Hi Gilles,

thank you for your advice.

I just have a group configured for the natting through VIP address.

I thing the same thing but I don't know how to translate that in commands. For HTTP redirect I must configure external networks as services. Is it correct?

Thank you in advance.

Regards.

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents