Sourcegroup server NAT clarification

Unanswered Question
May 2nd, 2008
User Badges:

Using a CSS11501 in routed mode and we need the servers to have access to the VIPs for testing.

I know we have to NAT the server ip to force the response back through the CSS and I got this working before using:


clause 5 permit any <server ip> destination content <owner>/<rule> sourcegroup <sourcegroupname>


but this time we have multiple content rules using the same VIP address (different tcp ports) that the servers will need access to.

Will the source NAT still work if I specify the VIP ip address instead of the content rule?


e.g:

clause 5 permit any <server ip> destination <VIP address> sourcegroup <sourcegroupname>


If this is feasible it will be quicker as we wouldn't need multiple ACL entries for each content rule.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Fri, 05/02/2008 - 11:59
User Badges:
  • Cisco Employee,

I have seen cases where it works and where it doesn't work.

Honestly I don't know what should be the right behavior.

So, I would suggest to give it a try.


Gilles.

Actions

This Discussion